Risk Manager
Senior Cybersecurity Risk & Governance Lead | GRC
Are you a Risk Expert who thrives on complexity?
I’m recruiting for a Senior Technical Risk & Governance Lead for one of the world’s most influential technology firms. They don't just build products; they build the foundations of modern computing.
This is a contract engagement, inside IR35, based out of their Cambridge offices (hybrid working).
Key Responsibilities:
- Framework Evolution: Expertly navigate and enhance our Information Security Risk Management Framework within ServiceNow IRM, applying qualitative and quantitative risk management principles to empower decision-making.
- Third-Party Risk: Lead third-party cyber risk management by conducting structured assessments, reviewing contracts, and overseeing ongoing supplier monitoring.
- Post-Incident Leadership: Run post-incident reviews to identify root causes, extract systemic insights, and ensure lessons learned are integrated into the control environment and risk register.
- Metric Development: Develop Key Risk and Key Control Indicators (KRIs/KCIs) to monitor security control effectiveness across critical assets and third-party domains.
- Cross-Functional Collaboration: Work across the business to reduce risk, ensure accountability for remediation, and improve visibility at speed.
Required Skills and Experience:
- Qualifications: Holds certifications such as CRISC, CISM, CISSP, or FAIR, although experience, impact, and the courage to challenge matter more than acronyms.
- Technical Expertise: Must have hands-on experience with risk assessment methodologies, risk quantification, and ServiceNow IRM.
- Framework Knowledge: Deep knowledge of security technologies and control frameworks such as ISO 27001, NIST CSF, and NIST SP800-53.
- Third-Party Mastery: Proven experience in third-party security risk management—comfortable leading assessments, influencing decisions, and challenging skilfully.
- Data-Driven: Confident working with metrics and data, drawing conclusions, and using dashboards to inform senior-level decisions.
- Future-Focused: A champion of AI and Automation within the GRC space.
- Communication: Advanced communicator able to translate technical risks into actionable business impact for senior leadership.
- Scale: Experience with globally distributed teams, large-scale vendor ecosystems, and fast-moving, dynamic environments.
Keywords: GRC / Cyber Risk / Third-Party Risk / TPRM / ServiceNow IRM / FAIR / NIST CSF / ISO 27001 / Risk Quantification / Cambridge / Inside IR35 / Information Security
By applying to this role you understand that we may collect your personal data and store and process it on our systems. For more information please see our Privacy Notice https://eu-recruit.com/wp-content/uploads/2024/07/European-Tech-Recruit-Privacy-Notice-2024.pdf