Job Type: Permanent
Location: This role could be based in either our London, Birmingham, Telford or Edinburgh offices with time spent working in the office and at home.
Flexible working: All of our roles are open to part-time, job-share and other types of flexibility. We will discuss what is important to you and balancing this with business requirements during the recruitment process. You can read more about Phoenix Flex here.
Closing Date: 30.5.25
Salary and benefits : Up to £90,000 dependant upon experience, plus bonus potential, private medical cover, 38 days annual leave, excellent pension, 12x salary life assurance, career breaks, income protection, 3x volunteering days and much more.

WHAT ARE WE LOOKING FOR?

We’re looking for a Senior Manager – Information Security & Cyber Risk to join us. You’ll play a key role in overseeing how Phoenix manages the rapidly evolving landscape of cyber threats, information security risks and digital resilience—helping the business move forward with confidence. You’ll also be Supporting the implementation and oversight of the Group’s Risk Management Framework and the effectiveness of risk management and compliance across the Group and promoting the effectiveness of the Group’s management of risk externally.
You’ll lead the oversight of information security and cyber risk across the Group—working closely with our Group CISO, IT leadership, and risk teams to challenge, advise, and support the business in making secure decisions.
You’ll be instrumental in ensuring that Phoenix’s systems, data and critical services are protected from both current and emerging threats, while supporting the development of a strong security culture and risk-aware mindset across the organisation.
You’re a confident and experienced information security risk leader—someone who’s just as comfortable engaging with CISOs and tech teams as you are with ExCo and Boards. You understand the fast-moving cyber environment, and you know how to make risk meaningful and business-relevant.

Providing independent second-line oversight of information security, cyber, and digital risk
Advising on the effectiveness of security strategies, controls and incident response processes
Supporting the embedding of cyber resilience in line with regulatory expectations (e.g. DORA, NIS2, FCA/BoE guidance)
Challenging major technology and transformation programmes through a security risk lens
Leading thematic reviews and providing risk opinions to senior committees
Translating technical risk insights into clear, actionable advice for business stakeholders
Monitoring emerging threats, trends and regulatory developments across the cyber landscape
Promoting a strong information security culture across all levels of the organisation