Security Risk Manager

Company Description

Netcompany is one of the fastest growing and most successful IT services companies in Europe. We are true leaders in digitalisation and are proud to build, implement and support innovative IT solutions for some of the most exciting and prestigious organizations in the world. Our vision is to be the leading digital challenger in Europe, pioneering the next generation of IT consulting, with a strong focus on providing customers true value and delivery certainty. 

We operate in both the public and private sector and our services range from application development and cloud migration through to programme delivery and service operations. Our team consists of true thought leaders who drive business transformation through innovative use of technologies such as predictive data analytics and cognitive computing. We have highly skilled and motivated technologists globally, who are involved in the delivery of some of the most secure, complex, and nationally important technology programmes.

Job Description

We have an exciting opportunity for a Security Risk Manager to be a key member of our growing Security Function. As part of the role you will be the Global Subject Matter Expert (SME) and point of contact for Information Security Risk and risk treatment.

Key Responsibilities  

  • Develops policies and procedures within their subject area that are aligned with industry standards, e.g. ISO27001, ISO21434, IATF16949, ASPICE for Cyber Security.
  • Engages with and assists internal and external business stakeholders to resolve matters within subject area/s.
  • Assists in the development of security frameworks to support the business e.g. Cloud security, third party etc.
  • Owns the GSO risk register and has oversight of information security risks
  • Owns the Audit Tracker and maintains the actions contained within (supplier audit findings)
  • Works with Training and Awareness to identify security topics that have user awareness or training requirements.
  • Works with the Vulnerability Manager to develop the prioritized threat landscape document.
  • Provides reporting to KPIs for area/s of responsibility.
  • Undertakes information security risk assessments
  • Identifies, analyses and evaluates the security risks.
  • Responsible for the delivery of full site and functional risk assessments and for undertaking risk assessments of third parties and external interfaces (e.g. cloud and 3rd parties).
  • Creates and manages an enterprise security risk treatment plan and risk register. Obtains updates regarding the treatment of risk from internal and external entities who may carry out their own security risk assessments (e.g. site security champions, Eng. IT etc.).
  • Develops tooling required to support risk management activities.
  • Coordinates, manages and has oversight of information security risk assessment aspects of supplier relationships
  • Responsible for implementing asset management policy and process to ensure information assets are identified, recorded, assigned ownership, classified and prioritised according to their protection needs.
  • Takes actions to ensure asset lists and databases are updated, including regular audits.
  • Assists in the inventory / audit of assets where required.
  • Works with the business partnering function to deliver a Change Management Capability.
  • Will be the recipient of change requests within the GSO team.
  • Will review and assess Information Security business change, assess the impact of any business change (organisation, business processing facilities and systems) and take appropriate actions to manage security impact.
  • Will support the development of the Change Management process and tooling.



  • Demonstrable experience of working in a similar role in a large organisation or consultancy.
  • Client facing, and able to support clients and their environments across a wide technology stack.
  • Strong communication skills, both verbally and in writing.
  • Strong understanding of security industry standards and best practice, including ISO27001, ISO21434, IATF16949, ASPICE.
  • Ability to credibly coordinate between technical teams and business stakeholders.
  • Any of the following certifications are highly desirable:
    • CISSP (Certified Information Systems Security Professional)
    • CISM (Certified Information Security Manager)
    • CISA (Certified Information Systems Auditor)
    • CSSLP (Certified Secure Software Lifecycle Professional)
    • Cisco - CCIE Security, CCNP, CCSP, CCNA

Additional Information

Netcompany has existed in the UK since the acquisition of the very successful IT company Hunter Macdonald in October 2017. Netcompany is one of Northern Europe’s most successful IT companies, with offices in Denmark, Norway, Poland, Holland, UK and Vietnam.

We are an entrepreneurial company and we’re looking for people who are excited by the challenge of doing things differently. Our culture builds on low bureaucracy with a strong focus on high agility and flexibility.

At Netcompany we believe that a diverse and inclusive workplace is central to our success, which is why all qualified candidates are invited to apply regardless of gender, sexual orientation, disability, age, religion and belief, ethnic background, nationality, gender identity or culture. We are committed to living out a culture where we provide equal opportunities for all.


Work place
United Kingdom