Information Security Risk Officer

Business Entity: Octopus Investments
Permanent Full-Time


At Octopus we’re transforming the industries we operate in and improving the lives of millions of people. We’ve built market-leading positions in a number of specialist sectors, including smaller company financing, renewable energy, healthcare and property finance. We employ 500 people and manage more than £6 billion on behalf of more than 50,000 investors. Our products don’t just help real people solve real life problems, they also make a positive impact on the world around us.


The Octopus Group incorporates Octopus Energy, Octopus Healthcare, Octopus Investments, Octopus Property, Octopus Ventures and Octopus Labs. Our aim is to have an impact in everything we do, and to make a vital contribution to the UK economy by helping people, companies and institutions generate wealth. And we’re always on the look-out for smart, talented people who share our values.


The main role and responsibilities of the Information Security Manager are to provide support and advice to the business on all aspects of information risk, including information security, data protection and privacy. In addition, you will manage information security governance projects and initiatives, assist the business in defining appropriate controls to manage the risks associated with all information (including personal data and business information) regardless of its medium, and provide the guidance and direction necessary to ensure we comply with information security and data protection legislative and regulatory requirements and relevant industry best practices.


In this role you will provide 2nd-line defence with thought leadership on IT Risk, Cyber Risk and Digital Risk, reporting to the Head of Risk. You will provide oversight of the management of the control landscape associated with IS, IT Risk and Digital Risk. This includes, but is not limited to, oversight of: risk management processes and governance; embedding of the IT Risk Management Framework as part of the Operational Risk Framework; policy ownership and embedding.


Responsibilities will include but are not limited to:

  • Oversight and leadership of the Group’s information security and data protection and privacy frameworks and strategy;
  • Liaise with IT Security and business areas to ensure that information security and data protection requirements are defined, understood and reflected within IT solutions;
  • Manage and complete information risk and information security reviews, including due diligence of third parties;
  • Develop and implement information security and data protection awareness training;
  • Develop, maintain and generate monthly reports for senior management and the Board; present at senior management forums and committees as required;
  • Identify information risks in business projects and assist the business to manage these risks;
  • Promote information security controls and processes throughout the Group;
  • Identify and provide the Group with current information about information security and data protection regulatory issues with which it needs to comply;
  • Input to the development, implementation and enhancement of the Business Continuity Framework;
  • Support the requirements of the risk management team, assisting colleagues on ad hoc projects where necessary;
  • Work with colleagues in the security team to audit policy/control compliance and assist with ISO 27001 compliance;
  • Risk Assessment – Assess local risks and participate in global risk assessment using methodology of the team; make contributions to risk management methodology.



To be successful in the role, you will have relevant experience in an IT / Information Security role as well as extensive knowledge of Information Security and Cyber risk and control frameworks, and practical experience of implementing risk management improvements or performing oversight. You will be an excellent communicator, both in writing and verbally, and have a strong track record of building positive relationships at a senior level and providing constructive support and challenge to Directors.

As a Risk expert or leader in your operational field, you will demonstrate a thorough knowledge of the operational and/or regulatory complexities within financial services. Experience of interaction with Regulators would be an asset for this role.


Experience in Financial Services is desirable but not essential, as is external and/or internal audit experience. You will be expected to learn quickly and demonstrate an ability to deal effectively with new challenges and complexities associated with IT and Information Security.

Our Values


Be helpful
Random acts of kindness make the workplace a better place so, go out of your way to be helpful, and give people reasons to smile


Be straightforward
Life is complicated enough. Don’t make it harder for yourself, or for others. Sometimes the simplest approach works wonders.


Be bold
Every great business started with a flash of inspiration. If you’ve got a great idea, don’t keep it to yourself.

At Octopus, we recognise the importance of embracing diversity in order to create a high-performance culture.

