Information Security Risk Manager

Munich RE • Full-time • London, GB-LND, GBR • 1d ago

At Munich Re Specialty – Global Markets (MRS-GM), it is our ambition to become the leading Primary Specialty Insurance provider, underpinned by an effective and adaptable strategy, superior products and industry leaders working in a supportive environment to achieve this.

At the heart of our success is a strong culture where people are encouraged to be present, bold and curious, allowing them to achieve their individual goals.

Information Security Risk Manager

Munich Re is seeking a highly skilled Information Security Risk Manager (ISRM) to act as the Information Security Subject Matter Expert for a number of UK entities, spanning the UK Specialty Global Markets, Life Branch and Great Lakes operations.

This is a specialist role within the Second Line of Defence teams across three entities, offering high visibility across the organisation. You will provide independent oversight, challenge, and expert guidance on Information Security and Cyber risk, working across multiple UK-regulated entities operating within a global Group structure, with dotted-line reporting into Munich Re’s Group IRM function in Munich.

You will play a critical role in ensuring robust risk management practices that align with Group standards, UK regulatory expectations, and evolving cyber threats, while influencing senior stakeholders and shaping risk decisions.

Whilst the role will collaborate with stakeholders across the organisation on a daily basis, there is no direct line management within the remit of the role.

Key Responsibilities

Information Security Risk Oversight

Provide independent second line oversight on Information Security and Cyber risks across UK entities
Review and challenge first line (IT and business) controls, risk assessments, and remediation activities
Monitor risk exposure and ensure timely and effective closure of control gaps

Framework & Governance

Drive the implementation and embedding of the Munich Re Group Information Security Management (ISM) framework
Ensure alignment with UK regulatory expectations (FCA, PRA, Lloyd’s) and internal policies
Translate regulatory and Group requirements into actionable control frameworks

Information Security Officer (ISO) Role

Act as the ISO for UK entities, providing risk leadership on Information Security matters
Serve as a trusted advisor to senior stakeholders on cyber and information risk topics

Risk Assessment & Advisory

Provide Information Security risk opinions on:

IT and cyber initiatives, e.g. gap analyses on new regulatory requirements
Business change programmes
Third-party relationships, e.g. critical IT related service providers – working closely with TRPM experts in the wider risk teams
Support entity-level risk identification, assessment, and treatment planning

Incident & Resilience

Support management of cyber and information security incidents, providing independent risk input
Contribute to business impact assessments and operational resilience activities from a cyber security perspective
Ensure effective management of outsourcing and supplier cyber risks

Reporting & Stakeholder Engagement

Deliver clear, insightful reporting to feed to governance committees and senior management, including entity Exco and Board forums
Communicate risk exposures, trends, and key issues with clarity and impact
Build strong relationships across IT, Risk, Compliance and business teams

What Success Looks Like

Effective oversight and reduction of Information Security risk exposure
Strong challenge and influence over first line risk practices
High-quality, decision-enabling reporting to senior stakeholders
Robust alignment with Group and UK regulatory expectations
Successful navigation of a complex, multi-entity international environment

Experience & Expertise

Experience in Information Security / Cyber Risk / IT Risk roles
Strong background in Information Security frameworks (e.g. ISO 27001, NIST)
Experience operating in a Second Line of Defence or advisory role
Proven ability to provide independent challenge and constructive escalation to senior management
Experience in complex, multi-entity or international organisations highly desirable
Deep expertise in cybersecurity and information security risks
Broad understanding of enterprise risk management frameworks
Knowledge of operational resilience and third-party risk
Strong influencing skills with the ability to challenge constructively
Ability to present confidently to senior committees and leadership teams
Degree in Information Security, IT, Computer Science or related field (or equivalent experience)
Insurance or financial services experience beneficial but not essential

If you are excited about this role but your experience does not align perfectly with everything outlined, or you don’t meet every requirement, we encourage you to apply anyway. You might just be the candidate we are looking for!

Diversity, Equity & Inclusion
At Munich Re, Diversity, Equity, and Inclusion foster innovation and resilience and enable us to act braver and better. Embracing the power of DEI is at the core of who we are. We recognise diversity can be multi-dimensional, intersectional, and complex, so we want to build a diverse workforce that includes a wide range of racial, ethnic, sexual, and gender identities; economic and geographic backgrounds; physical abilities; ages; life, school, and career experiences; and political, religious, and personal beliefs.

Additionally, we are committed to building an equitable and inclusive work environment where this diversity is celebrated, valued, and has equitable opportunities to succeed.

All candidates in consideration for any role can request a reasonable adjustment at any point in our recruitment process. You can request an adjustment by speaking to your Talent Acquisition contact.

Learning and innovating today, striving for sustainable societies and business tomorrow

At Munich Re Specialty – Global Markets our approach to ESG is underpinned by our desire to seize business opportunities and to nurture a stimulating and inclusive work environment. Our ESG strategy aims to deliver holistic impacts across environmental, social and governance topics including supporting a number of local initiatives within our community and offering volunteering opportunities for colleagues.

Benefits

25 days Annual Leave + bank holidays
10% Non-contributory Pension
Eligibility for an Annual Bonus
Private Medical + Dental Insurance
Critical illness insurance + Life Assurance + Permanent Health Insurance
Wellbeing and Development Scheme + EAP + Health Assessments (subject to scheme eligibility)
Electric Vehicle Salary Sacrifice Scheme
Study & continuing Professional Development Support
Hybrid Working + IT Home Set-up Support

#BePresent #BeBold #BeCurious