Job Description:
Security Risk Management Lead
Location: Hybrid London or Newcastle, UK
DXC’s Insurance Software and BPS business provides a range of software and services to the global insurance market including life, wealth, health, commercial and speciality, property and casualty, and reinsurance. DXC is also a key partner of the London Market, providing digital transformation and outsourcing services.
DXC’s insurance business has 13,000 domain experts serving 2,000 insurance customers operating in over 100 countries worldwide.
Role Overview
The Security Risk Managment Lead will be responsible for refreshing and managing the security risk program across both heritage and digital IT estates in the London Markets account. This role will assess the current risk posture, ensure risk coverage, and produce actionable risk reports. The successful candidate will work closely with the Vulnerability and Remediation Managers to align risk findings with remediation plans and drive continual improvement.
Key Responsibilities
Strategic Risk Management
Redesign and implement a comprehensive security risk management framework.
Establish KPIs and success criteria for risk posture and mitigation effectiveness.
Lead the continual improvement program for risk management.
Risk Assessment and Reporting
Assess current risk coverage across the estate.
Maintain and publish regular reports on risk status, trends, and aged risks.
Link vulnerability findings and remediation actions to risk items.
Stakeholder Engagement
Collaborate with vulnerability and remediation managers to align risk and remediation priorities.
Work with technical teams to support risk mitigation planning.
Provide executive-level summaries and technical reports to leadership.
Governance and Compliance
Align with central corporate policies and maintain risk management standards, and procedures.
Ensure alignment with regulatory requirements and industry best practices.
Support internal and external audits with documentation and evidence.
Tool and Process Oversight
Ensure risk management tools are properly configured and integrated.
Maintain a risk matrix that maps risks to configuration items, owners, and remediation schedules.
Key Challenges
Evaluate the existing baseline for risk posture across diverse systems.
Integrating risk data with vulnerability and remediation tracking.
Addressing aged risks and converting accepted risks into actionable items.
Producing clear, publishable reports for all levels of the organisation.
Educational & Professional Requirements
Bachelor’s degree in Cybersecurity, Information Technology, Risk Management, or a related field.
Preferred: Certifications such as CRISC, CISSP, CISM, or ISO 27005.
Experience in security risk management or related domains.
Proven experience managing teams and driving security improvement programs.
What we can offer you:
Competitive Compensation & Pension Scheme – Rewarding your expertise while securing your future.
Comprehensive Benefits Package – Including DXC Select, Perks at Work, and incentive programs for exclusive savings and rewards.
Continuous Learning & Development – Access to upskilling opportunities, career growth resources, and industry-leading training.
Lifestyle Perks – Enjoy options like the Salary Sacrifice Car Scheme and more.
At DXC Technology, we believe strong connections and community are key to our success. Our work model prioritizes in-person collaboration while offering flexibility to support wellbeing, productivity, individual work styles, and life circumstances. We’re committed to fostering an inclusive environment where everyone can thrive.
Recruitment fraud is a scheme in which fictitious job opportunities are offered to job seekers typically through online services, such as false websites, or through unsolicited emails claiming to be from the company. These emails may request recipients to provide personal information or to make payments as part of their illegitimate recruiting process. DXC does not make offers of employment via social media networks and DXC never asks for any money or payments from applicants at any point in the recruitment process, nor ask a job seeker to purchase IT or other equipment on our behalf. More information on employment scams is available here.