VP, IT Security Risk - RSA Archer, NIST, GRC - London - Hybrid

Posted 11 hours ago by Scope AT Limited

Permanent
London, United Kingdom
Job Description

A strategic opportunity for a VP-level Information & Cyber Security professional to join a growing security governance and risk team. Drive enterprise-level cyber risk management, compliance, and security posture enhancement in a highly regulated environment.

Key Responsibilities:

  • Own and maintain security policies, standards, procedures, and governance frameworks

  • Align risk management with NIST CSF, NIST 800-53, and industry regulations

  • Act as a trusted security advisor to business and technical stakeholders

  • Lead and conduct detailed risk assessments, maintaining the risk register in RSA Archer

  • Identify and evaluate information security risks; support remediation and treatment strategies

  • Track and monitor risk remediation through its full life cycle to acceptable closure

  • Contribute to organization-wide cybersecurity risk strategies and control improvements

  • Run post-incident/assessment lessons learned forums and influence control evolution

  • Represent security in internal/external audits and assessments

  • Deliver detailed risk reporting and metrics to key stakeholders

Key Skills & Experience:

  • 5+ years in Information/Cyber Security, with 2+ years focused on security risk

  • Strong background in GRC tools - RSA Archer strongly preferred

  • Deep understanding of security risk management, taxonomy, and control frameworks

  • Strong attention to detail with expert-level documentation and reporting ability

  • Ability to communicate complex security issues clearly to technical and non-technical audiences

  • Familiarity with vulnerability and incident management processes

  • Effective collaboration across compliance, tech, audit, and ops teams

  • Experience in financial services or banking environments preferred

Desirable Certifications:

  • MSc in Information Security, CISM, CRISC, CISA, or similar credentials

  • Knowledge of frameworks including ISO 27001, SOC 1 & 2

  • Certifications in PRINCE2, MSP, or APMQ a bonus

Location & Working Model:

  • Based in London

  • Hybrid model - 2 days onsite per week