Wood Mackenzie is the global data and analytics business for the renewables, energy, and natural resources industries. Enhanced by technology. Enriched by human intelligence. In an ever-changing world, companies and governments need reliable and actionable insight to lead the transition to a sustainable future. That's why we cover the entire supply chain with unparalleled breadth and depth, backed by over 50 years' experience. Our team of over 2,400 experts, operating across 30 global locations, enables customers' decisions through real-time analytics, consultancy, events and thought leadership. Together, we deliver the insight they need to separate risk from opportunity and make confident decisions when it matters most.
Wood Mackenzie Values
* Inclusive – we succeed together
* Trusting – we choose to trust each other
* Customer committed – we put customers at the heart of our decisions
* Future Focused – we accelerate change
* Curious – we turn knowledge into action
We are seeking a highly skilled Senior Cyber Security Risk Manager to join our global Cyber Security team. This individual will play a critical role in maturing our Governance, Risk, and Compliance (GRC) function, ensuring alignment with leading frameworks and attestation standards (NIST CSF, NIST SP 800-53, SOC 2) and maintaining readiness for external audits and regulatory requirements.
As a senior member of the team, you will be directly responsible for the organization's risk management strategy, including oversight of the enterprise risk register, execution of internal audits, and governance of our risk exception process (PERA). This role requires a blend of technical expertise, strong analytical skills, and the ability to engage effectively with stakeholders across IT, procurement, and business leadership.
Key Responsibilities
* Lead the cybersecurity risk management program, including maintaining and continuously improving the enterprise risk register.
* Own and manage the Policy Exception Risk Acceptance (PERA) process, ensuring risks are reviewed, tracked, and formally accepted or remediated.
* Drive SOC 2 readiness activities across multiple business units, coordinating with auditors and internal stakeholders to ensure successful attestation reports and their annual renewals.
* Oversee internal audit planning and execution, ensuring annual audit plans are risk-based, comprehensive, and aligned with organizational objectives.
* Develop and enforce cybersecurity governance policies, standards, and procedures aligned to NIST CSF, NIST 800-53, and SOC 2 requirements.
* Partner with IT, SRE, Architecture, and Procurement teams to identify, assess, and mitigate technology, third-party, and compliance risks.
* Provide clear, data-driven reporting and metrics to the Head of Cyber Security and CIO on risk trends, audit findings, and remediation progress.
* Monitor the external threat and regulatory landscape to ensure emerging risks are factored into the risk management strategy.
* Act as a trusted advisor to business leaders on cybersecurity risk, providing practical guidance that balances security with business objectives.
Requirements
* 5+ years of hands-on experience in a dedicated cybersecurity risk management, GRC, or equivalent senior role.
* Proven experience leading risk management programs and working with frameworks such as NIST CSF, NIST 800-53, and SOC 2.
* Strong knowledge of risk registers, audit programs, and exception management processes.
* Experience in SOC 2 audit readiness and execution, with ability to engage directly with auditors and control owners.
* Demonstrated ability to engage and influence senior stakeholders, translating complex technical risk into business terms.
* Strong analytical skills, with ability to interpret data, assess trends, and make evidence-based decisions.
* Excellent written and verbal communication skills, including the ability to prepare board-level risk reporting.
Preferred Attributes
* SaaS or technology sector experience.
* Familiarity with enterprise GRC tools (e.g., ServiceNow, Archer, or Purview Compliance Manager).
* Experience supporting third-party risk management activities.
Equal Opportunities
We are an equal opportunities employer. This means we are committed to recruiting the best people regardless of their race, colour, religion, age, sex, national origin, disability or protected veteran status. You can find out more about your rights under the law at
If you are applying for a role and have a physical or mental disability, we will support you with your application or through the hiring process.