Head of Information Security & IT Risk - Manchester or London: Up to £90,000pa plus Performance Bonus & Benefits.
Bibby Financial Services are growing, and we’re looking for a Head of Information Security & IT Risk to join our team. The Head of Information Security and IT Risk is responsible for leading the development and execution of the organisation’s information security and IT risk strategy. This includes ensuring the protection of systems, data, and operations against cyber threats and technology-related risks. The role oversees a team of specialists and works across IT, compliance, and business functions to embed robust security and risk practices. It ensures effective governance, continuous improvement, and alignment with regulatory requirements and enterprise risk frameworks.
At Bibby Financial Services (BFS), we’ve been helping small and medium-sized businesses thrive and grow since 1982. Working across 9 countries, we provide the funding and support that give our clients the confidence to take their next step, whether that’s expanding, innovating or breaking into new markets. We’re proud to be part of Bibby Line Group, a long-standing family business and one of the UK’s oldest independent companies.
What you'll be doing:
- Lead and develop the Information Security & IT Risk team
- Identify, assess, and manage IT-related risks including security, operational, development, delivery, supplier, compliance, and strategic risks.
- Perform and support risk assessments for new systems, projects, and third-party vendors.
- Ensure compliance with relevant standards, regulations, and frameworks.
- Oversee the deployment and operation of security tools and technologies (e.g., firewalls, SIEM, endpoint protection, zero-trust technologies).
- Manage penetration testing and other assurance activities, including remediation of findings.
- Lead incident response planning and investigation of security breaches, ensuring timely resolution and reporting.
- Act as the primary point of contact for all information security and IT risk matters.
- Provide regular reporting to senior and executive management on security posture and risk status.
- Promote a culture of security awareness and compliance across the organisation.
- Design and deliver security awareness training programmes for staff.
Who are we looking for?
- Proven experience in information security and IT risk management, preferably within financial services or other regulated industries.
- Strong leadership background, with experience managing and developing high-performing teams in complex environments.
- Deep understanding of cyber security principles, IT risk frameworks, and operational resilience practices.
- Demonstrated ability to design and implement security strategies, policies, and controls aligned with business and regulatory requirements.
- Hands-on experience with security technologies such as firewalls, SIEM, endpoint protection, and vulnerability management tools.
- Skilled in conducting risk assessments, managing IT risk registers, and overseeing assurance activities including penetration testing and incident response.
- Familiarity with relevant standards and frameworks (e.g. ISO 27001, NIST, COBIT, GDPR, DORA).
- Strong stakeholder engagement skills, with the ability to influence and communicate effectively at C-level.
- Experience supporting internal and external audits, regulatory reviews, and cross-functional collaboration.
- Track record of promoting security awareness and embedding best practices across an organisation.
What you’ll get in return:
- 25 days’ holiday plus bank holidays, increasing with service, with buy/sell options
- Performance Bonus
- Hybrid working
- Private healthcare for you and your family
- Company pension scheme
- Flexible benefits (gym membership, tech, health assessments and more)
- Access to an online wellbeing centre
- Discounts with a wide range of retailers
- Plus, much more!
There’s no place quite like BFS, and we’re proud of that. It’s all down to you: you make us the people every ambitious business loves to work with, as reflected in our values: we partner with customers for long-term success; we redefine what’s possible; we deliver what matters, when it matters; and we support each other to be our best.
If you would like to join us, please click ‘apply’ today to be considered for the Head of Information Security & IT Risk vacancy – we would love to hear from you!
We're absolutely committed to being a truly inclusive place to work, where everyone has an equal opportunity to reach their true potential. Let us know if you need adjustments to support you through any stage of the recruitment process.