Cyber Security Risk Manager

Wood Mackenzie is the global data and analytics business for the renewables energy and natural resources industries. Enhanced by technology. Enriched by human an ever-changing world companies and governments need reliable and actionable insight to lead the transition to a sustainable future. Thats why we cover the entire supply chain with unparalleled breadth and depth backed by over 50 years experience. Our team of over 2400 experts operating across 30 global locations are enabling customers decisions through real-time analytics consultancy events and thought leadership. Together we deliver the insight they need to separate risk from opportunity and make confident decisions when it matters most.Wood Mackenzie Brand VideoWood Mackenzie ValuesInclusive we succeed togetherTrusting we choose to trust each otherCustomer committed we put customers at the heart of our decisionsFuture Focused we accelerate changeCurious we turn knowledge into actionWe are seeking a highly skilled Senior Cyber Security Risk Manager to join our global Cyber Security team. This individual will play a critical role in maturing our Governance Risk and Compliance (GRC) function ensuring alignment with leading frameworks (NIST CSF NIST 800-53 SOC 2) and maintaining readiness for external audits and regulatory requirements.As a senior member of the team you will be directly responsible for the organizations risk management strategy including oversight of the enterprise risk register execution of internal audits and governance of our risk exception process (PERA). This role requires a blend of technical expertise strong analytical skills and the ability to engage effectively with stakeholders across IT procurement and business leadership.Key ResponsibilitiesLead the cybersecurity risk management program including maintaining and continuously improving the enterprise risk register.Own and manage the Policy Exception Risk Acceptance (PERA) process ensuring risks are reviewed tracked and formally accepted or remediated.Drive SOC 2 readiness activities across multiple business units coordinating with auditors and internal stakeholders to ensure successful certification and renewals.Oversee internal audit planning and execution ensuring annual audit plans are risk-based comprehensive and aligned with organizational objectives.Develop and enforce cybersecurity governance policies standards and procedures aligned to NIST CSF NIST 800-53 and SOC 2 requirements.Partner with IT SRE Architecture and Procurement teams to identify assess and mitigate technology third-party and compliance risks.Provide clear data-driven reporting and metrics to the Head of Cyber Security and CIO on risk trends audit findings and remediation progress.Monitor the external threat and regulatory landscape to ensure emerging risks are factored into the risk management strategy.Act as a trusted advisor to business leaders on cybersecurity risk providing practical guidance that balances security with business objectives.Requirements5 years of hands-on experience in a dedicated cybersecurity risk management GRC or equivalent senior role.Proven experience leading risk management programs and working with frameworks such as NIST CSF NIST 800-53 and SOC 2.Strong knowledge of risk registers audit programs and exception management processes.Experience in SOC 2 audit readiness and execution with ability to engage directly with auditors and control owners.Demonstrated ability to engage and influence senior stakeholders translating complex technical risk into business terms.Strong analytical skills with ability to interpret data assess trends and make evidence-based decisions.Excellent written and verbal communication skills including the ability to prepare board-level risk reporting.Preferred AttributesSaaS or technology sector experience.Familiarity with enterprise GRC tools (e.g. ServiceNow Archer or Purview Compliance Manager).Experience supporting third-party risk management activities.Equal OpportunitiesWe are an equal opportunities employer. This means we are committed to recruiting the best people regardless of their race colour religion age sex national origin disability or protected veteran status. You can find out more about your rights under the law at If you are applying for a role and have a physical or mental disability we will support you with your application or through the hiring process.Required Experience:Manager Key Skills Arm,Risk Management,Financial Services,Cybersecurity,COSO,PCI,Root cause Analysis,COBIT,NIST Standards,SOX,Information Security,RMF Employment Type : Full-Time Experience: years Vacancy: 1