Cyber Security Risk Manager

  • Permanent
  • London

Bruin Financial

Ref: 26234


Leading Insurance Broker seeking an Information Security Manager to join their London office.


Overall Objective of Role:


To support the Group’s information security, data privacy and business continuity frameworks in order to best manage risks and defend the Group from associated internal and external threats, whilst providing assurance that proportionate compliance with relevant requirements is being maintained.


To raise the awareness of information security, data privacy and business continuity risks and to provide relevant advice across the Group.


Main Responsibilities:


  • Supporting the maintenance and development of the Group information security (including cyber security), data privacy and business continuity management frameworks.
  • Representing the Information and Resilience Risk Team in matters of Cyber Security Risk and development of appropriate policies, processes and reports.
  • Working closely with Group IT, and other IT functions, to facilitate and monitor the maintenance of appropriate security, business continuity controls and related capabilities (including testing) across the Group.
  • Monitoring and reviewing suppliers, designs, assets and services for threats and risks.

  • Providing guidance to decision-makers on information security, including cyber security, policy and practice, in consultation with the Head of Information and Resilience Risk.
  • Promoting the business benefits of information security (including cyber security) awareness to the organisation through briefings and by facilitating and administering relevant training or awareness activities.
  • Liaising with projects and other change initiatives to ensure that relevant information security technology risks are identified and appropriately managed.
  • Assisting in the development and maintenance of organisational information security policy and other procedures to safeguard business requirements.
  • Generating relevant information security reports and other relevant management information.
  • Facilitating and reviewing externally commissioned security testing activities. Working with relevant stakeholders, including Group IT, to ensure that any deficiencies are promptly resolved.
  • Participating in the Incident Management process, managing incidents relating to information security, data privacy and business continuity.
  • Assessing the cyber resilience capability, including detection methods, and providing recommendations.
  • Tracking the latest IT and Information Security innovations and keeping abreast of the latest cyber security practices and technologies.




Person Specification:


Essential Experience:

  • Practical work experience in information security management and/or related functions (such as information security solution design/architecture, IT Audit or IT Controls/Risk Management).
  • A prior background in technical IT roles such as IT operations, architecture or development with a clear and focussed interest in information security.
  • Experience across threat and vulnerability management, including testing techniques and analysing their reports.
  • Solid understanding of relevant technologies and associated technical information security controls.
  • An understanding of due diligence processes, as they relate to information security, data privacy and business continuity.
  • Knowledge of contemporary and emerging enterprise security standards, approaches, practices and industry trends.
  • General computer literacy is essential, as is the ability to understand system architecture and information flows.


Essential Technical/Specialist Knowledge:

  • A broad understanding of technology and the implementation of access controls that underpin information security, together with security testing, including vulnerability scanning and penetration testing.
  • A broad understanding of cloud technologies and services, preferably with some prior exposure to the implementation of these.
  • Some exposure to risk management, particularly in relation to information security.
  • Some exposure to formal information security frameworks, such as ISO 27001 or NIST Cybersecurity Framework.
  • Some exposure to the project lifecycle and how information security factors into it.



Bruin recognises the positive value of diversity, and aims to promote equality and challenge unfair discrimination. As a champion of equal opportunity employment we welcome applications from all suitably qualified persons – men and women, people of all ages, sexual orientations, nationalities, religions and beliefs. We particularly encourage applications from women, disabled, and Black, Asian and minority ethnic candidates as these groups are underrepresented throughout the financial services industry. Our clients work with us because they value a diverse workforce, and subscribe to our shared principle that all appointments are made on merit and that ability to perform the job will be the primary consideration.
