Role Overview

We are seeking a highly motivated and experienced Senior Manager of Risk to lead our cyber risk and third-party risk management functions within the Cyber Governance, Risk & Compliance (GRC) team. This individual will manage a small team of risk professionals and be responsible for building, embedding, and continuously improving the organisation’s cyber risk management framework, ensuring effective oversight of third-party and supplier risks, and supporting executive and board-level reporting.
 

Key Responsibilities

Cyber Risk Management
 

Lead the development, implementation, and ongoing maturity of the cyber risk management framework. Oversee risk identification, assessment, treatment, and monitoring across all cyber domains. Provide risk insights and reporting to senior leadership, risk committees, and the board. Partner with business and technology teams to ensure risks are effectively understood, prioritised, and mitigated. Drive risk culture awareness, ensuring risk management principles are embedded across the organisation.
 

Third-Party Risk Management

Oversee the third-party risk management (TPRM) programme, including onboarding, due diligence, and ongoing monitoring of suppliers. Define risk appetite, assurance requirements, and contractual controls for third-party cyber security. Partner with procurement, legal, and business teams to ensure suppliers meet security and compliance requirements. Provide risk assessments, recommendations, and remediation guidance to business stakeholders. Escalate material supplier risks and lead risk acceptance discussions where required.

 

Leadership & Team Management

Manage, coach, and develop a small team of cyber risk and third-party risk professionals. Allocate workload effectively and foster a high-performance culture. Support professional development and provide clear career growth pathways. Act as a senior subject matter expert and escalation point within the Cyber GRC function
 

Key Skills & Experience
 

Proven experience in cyber risk management and/or third-party risk management, ideally within financial services, technology, or a regulated industry. Strong understanding of risk management frameworks (e.g., ISO 31000, NIST CSF, FAIR, ISO 27005). Experience in third-party/vendor risk management practices, frameworks, and tools. Excellent leadership, team management, and stakeholder engagement skills. Strong analytical, problem-solving, and decision-making abilities. Ability to produce clear, concise, and executive-ready risk reporting. Professional certifications desirable (e.g., CRISC, CISM, CISSP, CISA).