Senior Risk Manager (Information Security)
At Octopus, we’re entrepreneurs and we’re investors, on a mission to back the people, ideas and industries that will change the world.
We think working here is great, but we’re understandably bias. Click here to explore Life at Octopus.
About the Role
What’s in it for you?
The size of our business gives you lots of opportunities to develop your skillset within risk management – we are small enough to offer you variety across multiple areas of risk management, but also big enough for you to work on exciting projects and tasks. A significant part of this role will involve working with Octopus Labs, the tech division of Octopus who use the latest technology to build state of the art systems to support our business processes.
Due to the innovative nature of Octopus, in this role you will have the opportunity to work with a variety of stakeholders in driving change and pushing forward new ideas and approaches within risk management, focusing on information security and business continuity.
The Risk team is the second line of defence within Octopus. We have a goal to protect the business by embedding an honest open risk culture, doing the right thing, and supporting Octopus’ core values: Be straightforward; be bold; and be helpful. We are keen to add value to the business and propose solutions beyond the basic expectations of risk. We also like to work quickly when identifying a risk, fixing it now and for the longer term with the appropriate controls. Our risk model includes over 50 risk coordinators in the first line who help manage the risks.
The second line provides the policies, frameworks, tools, techniques and support to enable risk and compliance to be managed in the first line, conducts monitoring to judge how effectively they are doing it, and helps ensure consistency of definitions and measurement of risk.
What will you be doing?
- Leading, driving, managing and developing certain areas within the risk function for Octopus. This includes a focus on Octopus Labs, information security and facilitating the annual insurance renewal process. By challenging the first line in a friendly and supportive way you will uphold our culture of transparency and “no blame” on risk incidents.
- Owning the information security policy, for which you will respond to inbound due diligence queries and drive third-party assurance, as well as attending and making key contributions to the Information Security Committee.
- Leading on certain aspects relating to business continuity, crisis management and operational resilience across the firm.
Ideally, you’ll have:
✅ An expert knowledge of approaches to Information Security and awareness of the latest developments in the industry.
✅ Ability to challenge the first line on the application of Information Security principles and NIST framework compliance.
✅ A good working knowledge of Business Continuity and Operational Resilience.
✅ Worked in a risk role and experience in using and enhancing risk management frameworks.
✅ Excellent interpersonal skills in building engaging relationships at all levels across the business, challenging senior stakeholders when needed.
✅ A track record of bringing and implementing new ideas in teams you have worked in, with a solutions-focused approach.
We encourage you to apply even if you don’t tick every box. What’s the worst that can happen?
This role will evolve as we grow and develop. So, if you are looking for a challenge in a fast paced and dynamic business, we can deliver on that.
What we offer
💰 A competitive salary, bonus, pension and share incentive plan
✈️ Untracked holiday
🏡 Hybrid working – most of our people spend 50% of their time in the office
⚓ Anchor (our wellness hub) which includes Headspace, one to one coaching through Wellness Cloud, Digital GP, Shout & more
👪 Up to 6 months paid parental leave regardless of gender
❤️ Life insurance, critical illness cover and income protection
🏥 Private medical insurance for you and your family
🚗 Electric vehicle leasing
🌍 The option to work overseas up to a month per year
At our core, we believe that how a company behaves is just as important as what it does. That’s why we chose to become an accredited B Corp (the equivalent of a Fairtrade coffee stamp but for companies) and to change our Articles of Association so that the interests all our stakeholders – employees, customers, communities, environment and shareholders – are considered in every decision we make.
We’re committed to creating a diverse and inclusive employee experience for all. We promote equal opportunities for growth and development regardless of race, gender, religion, sexual orientation, age, disability, or socio-economic background. We believe strongly that teams are at their best when every member of the team feels safe to bring their whole self to work.