13th March 2026
Cyber Risk, Standards & Governance SME
Cyber Security
London
£110,000 + Benefits and Bonus
Job Title: Cyber Risk, Standards & Governance SME
Salary: £110,000 + Benefits and Bonus
Location: London
Employment Type: Perm, Hybrid
About the Role
This leading Financial Services Business are seeking a proactive and detail-driven Cyber Risk, Standards & Governance SME to help strengthen and mature our cybersecurity posture across the organisation. In this critical role, you’ll ensure our technology environment remains resilient by developing, maintaining, and governing robust security policies, standards, and frameworks.
You will act as a trusted advisor across security, engineering, risk, and audit teams, ensuring that security requirements are practical, well-understood, and aligned with business goals. Your work will directly contribute to reducing cyber risk exposure, maintaining regulatory compliance, and enabling the organisation to innovate securely.
Why This Role Matters
- You will help protect the organisation’s most important assets (its data, systems, and reputation) against emerging threats.
- You’ll ensure ongoing compliance with regulatory requirements and industry standards including ISO 27001 and SOC 2, helping minimise audit findings.
- Your governance and oversight will drive secure business growth and operational excellence.
- You will enhance stakeholder confidence by demonstrating a strong, proactive, and well-managed approach to cyber risk.
Key Responsibilities
- Review, update, and maintain Information Security Policies and Standards, ensuring alignment with Enterprise Risk Management and regulatory expectations.
- Provide expert guidance on policy and standard development, implementation, and communication.
- Work with stakeholders to drive adoption of security controls across technologies and applications.
- Coordinate all compliance activities for external audits and certifications (e.g., SOC 2, ISO 27001), including preparation, reporting, and remediation follow-up.
- Deliver assurance that key security risks are identified, mitigated, and monitored effectively.
- Conduct periodic reviews of cyber and information security risks and support prioritisation of remediation efforts.
- Support Enterprise Risk Management processes, including control attestations, risk committee participation, and management of issues and events.
- Evaluate the effectiveness of security controls and track remediation of identified deficiencies.
- Track, analyse, and report on Key Risk Indicators (KRIs).
- Provide inputs to the Information Security Committee and ensure timely follow-up on actions.
- Ensure Information Security projects adhere to internal governance standards and are tracked consistently.
- Represent Security in risk reviews across assets, vendors, and applications, including inherent and residual risk assessments.
- Perform security risk and gap assessments for infrastructure, applications, third parties, and vendors.
- Develop and support risk remediation strategies across global teams.
- Provide subject-matter expertise on information risk to business units and technical stakeholders.
About You: Skills & Experience
Essential
- Proven experience in Information Security and Risk Management within large or complex organisations.
- Strong ability to advise and make informed decisions across cyber and technology risk issues.
- Demonstrated capability to analyse, consolidate, and report on risk and security themes.
- Solid understanding of key frameworks: ISO 27001, SOC 2, NIST, CIS Benchmarks, OWASP.
- Familiarity with audit principles and risk assessment methodologies.
- Extensive experience across IT and Security Risk Management disciplines.
- Excellent communication skills and the ability to build strong relationships with senior stakeholders.
- Highly organised, with the ability to work independently and manage competing priorities.
Desired
- Professional certifications such as CISSP, CISA, CRISC, CEH.
- Experience with GRC platforms and governance-related initiatives.
- Background in financial services or other regulated industries.
We invite individuals from underrepresented groups to apply for any of our roles and are committed to supporting accessibility needs.
Consultant - Abigail Moss
Telephone: 0207 392 7516
Email: abigail.moss@spencer-rose.com