At Specialist Risk Group (SRG), we specialise in delivering expert risk solutions for complex, high-stakes challenges across a range of sectors. From insurance and professional indemnity to bespoke risk management services, our work demonstrates both precision and adaptability, reflecting our commitment to helping clients navigate even the most demanding scenarios.
Our dedication to excellence and innovative thinking underpins everything we do. Guided by our mantra, "Difficult. Done Well.", we tackle challenges that others shy away from, delivering solutions that are both robust and forward-thinking.
Powered by a team of highly skilled specialists, we combine deep industry knowledge with strategic insight to turn complex problems into practical, actionable solutions. We work closely with our clients, understanding their ambitions and risks, to provide tailored strategies that support growth, resilience, and long-term success.
With a focus on collaboration, expertise, and precision, SRG shapes the way organisations manage risk--transforming complexity into opportunity and helping clients achieve outcomes they can rely on.
About the role
The IT Risk Manager is responsible for leading the development, implementation, and maintenance of a robust information security programme in alignment with regulatory requirements, industry best practices, and business objectives. The ideal candidate will have deep expertise in risk management, compliance, cybersecurity frameworks, and technology governance, in a regulated financial services industry.
Who we're looking for
Key Responsibilities
Information Security Programme Management
Develop, implement, and maintain security policies, standards, and procedures in line with ISO 27001, NIST, FFIEC, and other relevant frameworks.
Ensure alignment of security strategies with business goals and regulatory obligations (e.g., FCA, PRA, GDPR, SOX, GLBA).
Governance, Risk & Compliance
Manage the company's information security risk register and conduct regular risk assessments.
Lead internal and external security audits, and ensure timely remediation of findings.
Monitor and enforce compliance with data protection regulations and cybersecurity laws.
Incident Management
Lead incident response efforts, including detection, investigation, containment, and recovery.
Coordinate with legal, compliance, and executive teams during security incidents or data breaches.
Conduct post-incident reviews and implement lessons learned.
Review and negotiate security clauses in contracts and SLAs.
Security Operations
Oversee daily security operations including vulnerability management, access control, endpoint security, and network monitoring.
Collaborate with IT and infrastructure teams to implement technical controls and solutions (e.g., SIEM, DLP, EDR, IAM).
Team Leadership & Training
Build and develop a (new) information security team.
Manage and mentor security analysts or junior team members.
Drive security awareness training and phishing simulations across the organisation.
Reporting & Metrics
Prepare and deliver regular reports on security posture, incidents, and KPIs to senior leadership and regulatory bodies.
Advise executives on emerging threats and risk mitigation strategies.
What you'll get
Extensive knowledge of UK insurance broking and MGA operations, ideally spanning Retail, Wholesale, and Underwriting.
Significant experience in post-acquisition integration, team lift-integration, operating model design, or senior business analysis within financial services.
Strong understanding of the UK regulatory and operational environment for insurance intermediaries (e.g. FCA requirements, TOBAs, client money, insurer relationships).
Excellent leadership, stakeholder management, and influencing skills.
Proven ability to operate at senior level, engaging with executives, workstream leads, and acquired company or team leadership.
Highly analytical, structured, and comfortable handling complex operational and regulatory detail.
What to expect
At SRG, our colleagues are at the heart of everything we do. We pride ourselves on fostering an inclusive, respectful culture--one where people feel empowered, valued, and equipped for growth. We embrace new ideas, adapt to challenges, and celebrate shared success.
We're committed to making our recruitment process and workplace accessible to everyone. If you have a disability or require any adjustments--whether during the hiring process or in your day-to-day role--we'll work with you to ensure you have the support you need. Just let us know how we can help.
Job Types: Full-time, Permanent
Work Location: Hybrid remote in London EC3N