Cyber Security Risk Manager

Edinburgh, SCT, GB, United Kingdom

Job Description

Wood Mackenzie is the global data and analytics business for the renewables, energy, and natural resources industries. Enhanced by technology. Enriched by human intelligence. In an ever-changing world, companies and governments need reliable and actionable insight to lead the transition to a sustainable future. That's why we cover the entire supply chain with unparalleled breadth and depth, backed by over 50 years' experience. Our team of over 2,400 experts, operating across 30 global locations, are enabling customers' decisions through real-time analytics, consultancy, events and thought leadership. Together, we deliver the insight they need to separate risk from opportunity and make confident decisions when it matters most.

WoodMac.com

Wood Mackenzie Values



• Inclusive - we succeed together
• Trusting - we choose to trust each other
• Customer committed - we put customers at the heart of our decisions
• Future Focused - we accelerate change
• Curious - we turn knowledge into action

We are seeking a highly skilled Senior Cyber Security Risk Manager to join our global Cyber Security team. This individual will play a critical role in maturing our Governance, Risk, and Compliance (GRC) function, ensuring alignment with leading frameworks (NIST CSF, NIST 800-53, SOC 2) and maintaining readiness for external audits and regulatory requirements.


As a senior member of the team, you will be directly responsible for the organization's risk management strategy, including oversight of the enterprise risk register, execution of internal audits, and governance of our Policy Exception Risk Acceptance (PERA) process. This role requires a blend of technical expertise, strong analytical skills, and the ability to engage effectively with stakeholders across IT, procurement, and business leadership.

Key Responsibilities

• Lead the cybersecurity risk management program, including maintaining and continuously improving the enterprise risk register.
• Own and manage the Policy Exception Risk Acceptance (PERA) process, ensuring risks are reviewed, tracked, and formally accepted or remediated.
• Drive SOC 2 readiness activities across multiple business units, coordinating with auditors and internal stakeholders to ensure successful certification and renewals.
• Oversee internal audit planning and execution, ensuring annual audit plans are risk-based, comprehensive, and aligned with organizational objectives.
• Develop and enforce cybersecurity governance policies, standards, and procedures aligned to NIST CSF, NIST 800-53, and SOC 2 requirements.
• Partner with IT, SRE, Architecture, and Procurement teams to identify, assess, and mitigate technology, third-party, and compliance risks.
• Provide clear, data-driven reporting and metrics to the Head of Cyber Security and CIO on risk trends, audit findings, and remediation progress.
• Monitor the external threat and regulatory landscape to ensure emerging risks are factored into the risk management strategy.
• Act as a trusted advisor to business leaders on cybersecurity risk, providing practical guidance that balances security with business objectives.

Requirements

• 5+ years of hands-on experience in a dedicated cybersecurity risk management, GRC, or equivalent senior role.
• Proven experience leading risk management programs and working with frameworks such as NIST CSF, NIST 800-53, and SOC 2.
• Strong knowledge of risk registers, audit programs, and exception management processes.
• Experience in SOC 2 audit readiness and execution, with the ability to engage directly with auditors and control owners.
• Demonstrated ability to engage and influence senior stakeholders, translating complex technical risk into business terms.
• Strong analytical skills, with the ability to interpret data, assess trends, and make evidence-based decisions.
• Excellent written and verbal communication skills, including the ability to prepare board-level risk reporting.

Preferred Attributes

• SaaS or technology sector experience.
• Familiarity with enterprise GRC tools (e.g., ServiceNow, Archer, or Purview Compliance Manager).
• Experience supporting third-party risk management activities.

Equal Opportunities




We are an equal opportunities employer. This means we are committed to recruiting the best people regardless of their race, colour, religion, age, sex, national origin, disability or protected veteran status. You can find out more about your rights under the law at www.eeoc.gov


If you are applying for a role and have a physical or mental disability, we will support you with your application or through the hiring process.

Job Detail

  • Job Id
    JD3882230
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Edinburgh, SCT, GB, United Kingdom
  • Education
    Not mentioned