Senior Cyber Security Risk Manager
Al Rayan Bank
Job Description
We have a fantastic opportunity for a Senior Cyber Security Risk Manager at our London Office. The Senior Cyber Security Risk Manager will sit within the 2nd Line of Defence Risk team. The main purpose of the role is to provide advice, support, guidance, testing, reporting and challenge on the bank’s information security activities and control environment, operating with independence and with close liaison with the team(s) responsible for operating the bank’s security controls.
Increasingly, this will include involvement in setting and overseeing the bank’s approach to AI adoption as it develops, with particular focus on AI governance and standards proportionate to the bank.

Key Responsibilities
Manage and maintain cyber/IS policies, standards, and governance processes to set clear expectations for managing cyber/IS risks, in close liaison with 1st line teams to ensure alignment of expectations, deliverables and proportionate outcomes based upon a changing threat landscape.
Provide independent second‑line oversight and challenge to cyber/IS threats, exposures, risks and controls, across infrastructure, cloud services, applications, digital banking services, and third‑party providers (including suppliers, cloud services and outsourced providers as applicable), ensuring alignment to the bank’s risk management processes.
Review, support and challenge risk and control assessments, security exceptions, penetration testing outcomes and vulnerability management activities, and remediation plans.
Provide second‑line oversight over the management of cyber/IS incidents, including escalation and reporting (internally and externally).
Provide cyber/IS risk input into existing risk governance, committee and reporting structures to ensure alignment with the bank’s Risk Management Framework and Risk Appetite Statement.
Coordinate and support assurance over cyber/IS risk, including execution of assurance reviews, commissioning of third‑party assurance reviews, and managing regulatory and audit engagements relating to cyber/IS risk.
Assist with cyber/IS maturity assessments and benchmarking activities (e.g. CQUEST maturity questionnaire).
Support security awareness and security culture initiatives across the organisation, including phishing tests, social engineering susceptibility and ‘red team’ security tests.

AI Governance & Emerging Technology Risk
In collaboration with IT colleagues, review the use of Artificial Intelligence and Generative AI solutions across the organisation (as applicable).
Support the establishment and enhancement of the Bank’s AI governance and risk management framework.
Assess risks relating to AI adoption (e.g. data leakage, bias, explainability, model misuse, third‑party AI dependencies).
Provide 2nd‑line oversight and challenge regarding AI‑related controls, policies, and risk assessments.
Support alignment with emerging frameworks (e.g. NIST AI Risk Management Framework) and relevant regulatory guidance.

Qualifications & Experience
Relevant and applicable professional certifications required (e.g. CISM, CISSP, CRISC, CISA).
Significant experience in cybersecurity risk or information security governance within financial services.
Knowledge of related security accreditations and standards, including NIST, CIS, DPA, ISO 27001, Cyber Essentials Plus and UK regulatory expectations stemming from PRA and/or FCA.
Strong understanding of Second Line of Defence responsibilities and regulated banking environments.
Demonstrable experience in process improvement and implementation, including behavioural change.
Knowledge of ISO 27001, NIST CSF, operational resilience principles, and FCA/PRA expectations.
Experience providing challenge and oversight to technology and security teams.
Ability to communicate effectively with senior stakeholders and non‑technical audiences.

Knowledge & Skills
Ability to build positive relationships with senior executives, cyber security SMEs, and across the wider organisation to instil an appropriate cyber security culture and behaviours.
Demonstrable SME‑level expertise in information security risk management processes, frameworks, and procedures within regulated Financial Services environments.
Knowledge of application, infrastructure and networking security controls and systems covering physical, procedural and IT technical areas, particularly in relation to cyber and information security.
Ability to understand complex technical systems or solutions and to document them so that a non‑technical reader can understand their purpose and function.
The ability to identify risks and provide pragmatic advice on how the risk can be mitigated using an agreed risk management methodology.
The willingness and ability to collaborate with other Risk colleagues and the first line to align risk processes across a regulated or complex business.
Able to build relationships and work collaboratively with colleagues in IT and key third‑party security suppliers for effective and efficient process delivery and improvement.

Values
Trusted to do the right thing – To act with total integrity. Put the customer first and stick to our promises.
Empowered to own – To embrace change, take responsibility and ask for help when needed. To draw on each other’s strengths and believe in no blame and no ego. Show resilience.
Motivated to succeed – To be passionate about our work. Look for opportunities to learn and grow and celebrate each other’s success.

Conduct
We expect staff to follow the standards required by our regulators. At all times:
Act with integrity
Act with due skill, care and diligence
Be open and co‑operative with regulators
Pay due regard to the interests of customers and colleagues and treat them fairly
Observe proper standards of market conduct

We are offering salary, discretionary bonus, private healthcare, 30 days holidays and a 12% contributory pension.