Job Description

###

Description

The

Security Programme Manager

will be responsible for planning, executing, and overseeing the delivery of the cybersecurity programme across the organisation. You will work closely with the Group CISO, senior business stakeholders, and technology teams to ensure security initiatives are delivered on time, within scope and budget, and aligned with the company's risk appetite and regulatory requirements.

This role demands a deep understanding of cybersecurity frameworks, programme governance, and experience within the financial services sector. It is both a strategic and delivery-focused role, requiring the ability to manage complex, cross-functional projects in a regulated environment###

About the role

Within this role, you will have a number of responsibilities including:

Programme Leadership:

Lead the end-to-end delivery of the CISO's security maturity programme, ensuring alignment with the Group's business objectives.

Strategic Planning:

Work with the Group CISO to define security programme roadmaps, priorities, and success metrics.

Governance & Reporting:

Establish governance structures for programme delivery, including steering committees, working groups, and progress reporting to executive and board-level stakeholders.

Risk Management:

Identify, assess, and manage programme-related risks and issues. Escalate critical risks to appropriate forums and ensure appropriate mitigation plans are in place.

Budget & Resource Management:

Define programme budgets, track expenditures, and ensure optimal use of internal and external resources.

Change Management:

Drive adoption of security initiatives through effective communication, training, and stakeholder engagement.

Regulatory Alignment:

Ensure programmes are compliant with relevant regulatory and industry frameworks for the business.

Performance Tracking:

Monitor programme KPIs, benefits realisation, and conduct post-implementation reviews.


###

About you

You will come to use with proven experience (5+ years) in programme or project management within cybersecurity or technology risk:Strong background in information security frameworks, standards, and regulatory requirements. Sound understanding of enterprise IT and security architecture, cloud security, data protection, threat management, and incident response. Proficient in developing programme and project management reporting and documentation. Familiarity with Agile and hybrid project delivery methodologies


###

Core Values

Love what you do:

We show up each day ready to take on the world. Our passion and intensity set us apart and makes the difference to our colleagues, customers, brokers and carriers.

Challenge everything:

We're never afraid to question the way that things are done and we constantly challenge ourselves and others to makes things better.

Have fun, be good:

Insurance is a serious business, but we don't take ourselves too seriously. We make it fun to work at CFC, we welcome all viewpoints, and we treat everyone how we would expect to be treated.###

About CFC

CFC is a specialist insurance provider, pioneering emerging risk and market leader in cyber. Our global insurance platform uses cutting-edge technology and data science to deliver smarter, faster underwriting and protect customers from today's most critical business risk.

Headquartered in London with offices in New York, Austin, Brussels and Brisbane, CFC has over 950 staff and is trusted by more than 100,000 businesses across 90 countries.

At CFC, insurance isn't just about underwriting. From data science to software development, and digital marketing design, we've got something for everyone. We're passionate about pushing boundaries, thinking differently and building the insurance company of the future.



CFC is committed to the principles of equal opportunities and creating an environment in which all individuals are always treated with dignity and respect. We encourage a diverse corporate culture of openness and appreciation to create an environment in which your talent can be developed in the best possible way. Should you require any reasonable adjustments at any stage of the recruitment process please let us know.