Cyber / Information Security Risk Manager
📍 UK (Hybrid / Flexible)
💰 Up to £80,000 + Benefits
We’re supporting a well-established organisation as they continue to strengthen their Cyber and Information Security function, with a focus on risk and third-party assurance.
This is a fantastic opportunity for an experienced Analyst or Senior Analyst looking to step into a manager-level role, gaining broader exposure across the business without needing prior people management.
The Role
You’ll play a key role in assessing the organisation’s current security posture, identifying gaps, and helping shape practical remediation plans to improve overall resilience.
A core part of the role is third-party risk management, working closely with procurement and supplier teams on:
* Vendor due diligence
* Risk assessments
* Supporting security aspects of contract negotiations
You’ll also act as a trusted advisor to the business — translating technical risk into clear, actionable insights for stakeholders.
Key Responsibilities
* Conduct security risk and control assessments
* Identify gaps and support remediation planning
* Lead third-party/vendor risk assessments
* Partner with procurement and supplier management teams
* Provide business-focused security advice
* Support ongoing risk assurance (BAU) activities
* Contribute to security frameworks and methodologies
Environment
You’ll be working within frameworks such as ISO 27001 and NIST Cybersecurity Framework, with the opportunity to help evolve and improve processes.
There’s also exposure to emerging risks, including AI and the evolving threat landscape.
About You
You’ll bring a mix of technical security knowledge and strong communication skills, with the ability to engage confidently with stakeholders.
Likely backgrounds include:
* Information Security Analyst
* Cyber Security Analyst
* IT / Technology Risk Analyst
* Third Party / Vendor Risk Analyst
Key Experience
* Experience in Information Security / Cyber Risk / IT Risk
* Exposure to third-party or vendor risk management
* Knowledge of ISO 27001 and/or NIST
* Understanding of data protection / GDPR
* Ability to translate technical risk into business language
* Strong stakeholder engagement skills