Security Programme Manager

UK - London

CFC

CFC’s broad range of commercial insurance products are purpose-built for today’s risks, and we aim to give our customers everything they need in one, easy-to-understand policy. We specialize in cyber insurance, professional liability,...

Security Programme Manager

Department: CISO

Employment Type: Permanent - Full Time

Location: UK - London

Reporting To: Kirsty Kelly


Description

The Security Programme Manager will be responsible for planning, executing, and overseeing the delivery of the cybersecurity programme across the organisation. You will work closely with the Group CISO, senior business stakeholders, and technology teams to ensure security initiatives are delivered on time, within scope and budget, and aligned with the company’s risk appetite and regulatory requirements.

This role demands a deep understanding of cybersecurity frameworks, programme governance, and experience within the financial services sector. It is both a strategic and delivery-focused role, requiring the ability to manage complex, cross-functional projects in a regulated environment.

About the role

Within this role, you will have a number of responsibilities including:
  • Programme Leadership: Lead the end-to-end delivery of the CISO’s security maturity programme, ensuring alignment with the Group’s business objectives. 
  • Strategic Planning: Work with the Group CISO to define security programme roadmaps, priorities, and success metrics.
  • Governance & Reporting: Establish governance structures for programme delivery, including steering committees, working groups, and progress reporting to executive and board-level stakeholders.
  • Risk Management: Identify, assess, and manage programme-related risks and issues. Escalate critical risks to appropriate forums and ensure appropriate mitigation plans are in place.
  • Budget & Resource Management: Define programme budgets, track expenditures, and ensure optimal use of internal and external resources.
  • Change Management: Drive adoption of security initiatives through effective communication, training, and stakeholder engagement.
  • Regulatory Alignment: Ensure programmes are compliant with relevant regulatory and industry frameworks for the business. 
  • Performance Tracking: Monitor programme KPIs, benefits realisation, and conduct post-implementation reviews.

About you

You will come to us with proven experience (5+ years) in programme or project management within cybersecurity or technology risk:
  • Strong background in information security frameworks, standards, and regulatory requirements.
  • Sound understanding of enterprise IT and security architecture, cloud security, data protection, threat management, and incident response.
  • Proficient in developing programme and project management reporting and documentation.
  • Familiarity with Agile and hybrid project delivery methodologies.

Core Values

Love what you do:
We show up each day ready to take on the world. Our passion and intensity set us apart and make the difference to our colleagues, customers, brokers and carriers.

Challenge everything:
We’re never afraid to question the way that things are done and we constantly challenge ourselves and others to make things better.

Have fun, be good:
Insurance is a serious business, but we don’t take ourselves too seriously. We make it fun to work at CFC, we welcome all viewpoints, and we treat everyone how we would expect to be treated.

Category: Leadership Jobs

Tags: Agile CISO Cloud Governance Incident response KPIs Risk management

Perks/benefits: Career development

Region: Europe
Country: United Kingdom
