Head of Cyber Risk required for global financial services firm. You will lead the organization's efforts to identify, assess, and mitigate cyber-related risks across the enterprise. This role is responsible for developing and implementing a comprehensive cyber risk framework, aligning with business goals, regulatory expectations, and evolving threat landscapes. You will collaborate closely with IT, compliance, security, and executive leadership to ensure a strong cyber risk posture and informed decision-making. This is more hands-on as opposed to managerial.
Key Responsibilities:
- Strategic Leadership:
  - Develop and own the enterprise-wide cyber risk management strategy and roadmap.
  - Advise senior leadership and the board on emerging cyber risks, threats, and regulatory requirements.
  - Represent the cyber risk function in risk committees, regulatory meetings, and board-level discussions.
- Risk Framework & Governance:
  - Design and maintain a cyber risk management framework that aligns with industry standards (e.g., NIST, ISO 27005, FAIR).
  - Define and monitor key cyber risk indicators (KRIs) and risk appetite metrics.
  - Oversee regular cyber risk assessments, scenario planning, and risk reporting.
- Operational Risk Management:
  - Collaborate with cybersecurity, IT, and business units to identify and remediate cyber risk exposures.
  - Ensure appropriate controls, policies, and procedures are in place and tested.
  - Lead cyber risk input into third-party risk, data privacy, and cloud governance programs.
- Regulatory & Compliance:
  - Ensure compliance with relevant laws and frameworks (e.g., GDPR, DORA, NIS2, SOX, PCI-DSS).
  - Prepare and support audits, risk assessments, and regulatory reviews.
- Team & Culture Building:
  - Build and lead a high-performing cyber risk team.
  - Drive a risk-aware culture through training, awareness, and engagement across the organization.
Qualifications & Experience:
- Experience in cybersecurity, risk management, or IT governance, with strong experience in a leadership role for a global financial organisation.
- Strong understanding of cybersecurity frameworks, threat intelligence, and digital risk management.
- Degree in Information Security, Risk Management, Computer Science, or a related field. Professional certifications such as CISSP, CISM, CRISC, or equivalent are highly desirable.