Cyber Risk Specialist

Cyber Risk Specialist - London (on-site) - up to £120,000 + bonus + benefits

We are working with a leading global investment management firm that is looking to hire a Cyber Risk Specialist for its security team. The business operates in a sophisticated, technology-led environment and is seeking someone who can help mature its approach to cyber risk, governance, assurance, and control oversight.

This is a visible role with regular engagement across security, technology, compliance, legal, and wider business teams. It would suit a cyber risk, GRC, audit, or assurance professional who enjoys bringing structure to complex environments, translating security risks into clear business language, and supporting practical improvements across governance and control frameworks.

Responsibilities:

  • Own and develop the Information Security risk register, keeping it accurate, actionable, and aligned to business priorities.
  • Partner with stakeholders to identify, assess, monitor, and reduce cyber risks across internal systems, processes, and third-party relationships.
  • Produce clear reporting, dashboards, and risk summaries that support senior decision-making.
  • Monitor remediation activity, helping teams prioritise actions based on risk and business impact.
  • Review, update, and improve security policies, standards, procedures, and related governance materials.
  • Help ensure security requirements remain aligned with recognised frameworks, regulatory expectations, contractual commitments, and operational needs.
  • Support audits, external assessments, client assurance requests, regulatory queries, and internal review activity.
  • Coordinate evidence gathering across technical and business teams, ensuring assurance materials are complete, reliable, and well maintained.
  • Assist with control testing, control mapping, and effectiveness reviews across frameworks and regulations such as ISO 27001, the NIST Cybersecurity Framework, SOC 2, DORA, or similar.
  • Identify gaps in controls or processes and work with relevant teams to agree proportionate remediation plans.
  • Support security awareness initiatives, with a focus on tailoring content and messaging for different audiences.
  • Use metrics, trends, and assurance findings to highlight emerging risks, control health, and areas requiring attention.

Requirements:

  • At least 5 years’ experience across information security, cyber risk, GRC, audit, assurance, or a closely related area.
  • Good knowledge of common security frameworks, standards, and regulatory requirements, including ISO 27001, the NIST Cybersecurity Framework, SOC 2, DORA, or comparable frameworks and regulations.
  • Previous involvement in audits, assurance programmes, regulatory reviews, client due diligence, or control assessment activity.
  • Strong communication skills, including the ability to write clearly and present risk information to technical and non-technical audiences.
  • Experience working with stakeholders across technology, legal, compliance, security, and business functions.
  • Highly organised, with the ability to manage several workstreams and follow actions through to completion.
  • Exposure to GRC tooling such as Drata, Vanta, ServiceNow GRC, Archer, or similar platforms.
  • Comfortable using data, dashboards, metrics, and evidence to support risk assessments, reporting, and recommendations.
  • Able to take ownership of smaller projects or workstreams with limited supervision.

Additional exposure to cloud, infrastructure, software development, third-party technology risk, operational resilience, or evidence management improvements would also be beneficial.

For more information, please apply.

Job Details

Company
La Fosse
Location
London Area, United Kingdom