Team Manager, Cybersecurity (GRC)
Role Title: Team Manager, Cybersecurity
Reports to: Senior Lead, Information Security
Location: London, Hybrid
Team: Cybersecurity, OCTO
Role Overview
The Cybersecurity Governance, Risk & Compliance function sits within the Chief Information Security Office, part of the Digital and Technology organisation, which consists of a wide range of shared services reporting to the Chief Information Officer at Pearson.
We are seeking a highly motivated and experienced Team Manager, Cybersecurity to lead our cyber risk and third‑party risk management capabilities within the Cyber GRC team. This role is accountable for how cyber risks are identified, assessed, prioritised, treated, and reported across the organisation.
The role sits at the heart of cybersecurity decision‑making, partnering closely with Technology, Data Privacy, Designated Risk Owners, and senior stakeholders to ensure risks are understood, actively managed, and transparently reported, while enabling the business to move at pace.
This is a people‑leadership role, responsible for developing a team of cyber risk professionals and setting the standard for pragmatic, risk‑based decision‑making across Cyber GRC.
Key Responsibilities
Cyber Risk Management
Lead the development, implementation, and continuous improvement of the enterprise cyber risk management framework.
Oversee risk identification, assessment, treatment, and monitoring across all cybersecurity domains.
Ensure cyber risks are consistently articulated in business‑relevant terms, with clear ownership and agreed remediation plans.
Establish and maintain robust cyber risk reporting and data standards, ensuring risk data is accurate, accessible, and consistently used to inform decision‑making.
Provide clear, concise risk insights and reporting to senior leadership, risk forums, and executive stakeholders.
Drive a strong risk culture, embedding risk management into technology and business decision‑making.
Third‑Party Risk Management
Own and oversee the third‑party cyber risk management (TPRM) programme, aligned to business criticality and risk appetite.
Ensure supplier and partner risks are assessed proportionately and tracked through to resolution or risk acceptance.
Support and lead material supplier risk discussions, including escalation and formal risk acceptance where required.
Support and govern formal cyber risk acceptance decisions, ensuring risks are clearly articulated, understood, and owned at the appropriate level.
Partner with Procurement, Legal, and Technology to ensure third‑party risks are understood and managed throughout the supplier lifecycle.
Define and oversee third‑party cyber risk reporting, metrics, and data quality to provide clear visibility of supplier risk exposure, remediation status, and material risk decisions.
Leadership & Team Management
Lead, coach, and develop a small team of cyber risk and third‑party risk professionals.
Set clear priorities, allocate work effectively, and ensure high‑quality, timely risk outcomes.
Act as a senior subject matter expert and escalation point within the Cyber GRC function.
Drive pragmatic risk prioritisation, balancing risk reduction, delivery timelines, and business priorities in line with risk appetite.
Maintain awareness of relevant regulatory, industry, and threat landscape developments to inform risk judgement and stakeholder advice.
Build capability across the team in risk judgement, stakeholder engagement, and executive communication.
Develop sustainable team capability and succession, reducing single‑points‑of‑failure across cyber risk and TPRM activities.
Build and maintain strong relationships and professional networks across Technology, Data Privacy, Legal, and senior stakeholders to enable effective risk outcomes and informed decision‑making.
GRC Maturity, Automation & Tooling
Drive the maturity of Cyber GRC processes through automation, tooling, and simplification.
Ensure risk workflows, dashboards, and reporting provide meaningful insight rather than compliance overhead.
Identify and remove unnecessary complexity in risk processes, documentation, and assurance activities.
Measure and track improvements in efficiency, turnaround times, and risk visibility as part of GRC maturity.
Key Skills & Experience
Proven experience leading cyber risk management and/or third‑party risk management within a complex organisation.
Strong understanding of cyber risk frameworks (e.g. ISO 27001, NIST CSF, SOC 2).
Experience operating at senior stakeholder level, influencing risk decisions and outcomes.
Demonstrated people‑management and leadership capability.
Ability to balance strong risk judgement with commercial and operational realities.
Excellent written and verbal communication skills, with experience producing executive‑level risk reporting.
Professional certifications desirable (e.g. CRISC, CISM, CISSP, CISA).
What Success Looks Like
Cyber risks are consistently identified, prioritised, and managed across the organisation.
Senior leaders have clear visibility of material cyber risks and informed decision‑making.
Third‑party cyber risks are proportionately managed and do not create unexpected exposure.
A high‑performing cyber risk team with clear accountability and development pathways.
Cyber GRC is seen as a trusted risk partner, enabling informed business decisions rather than blocking progress.
Why Join Us
Opportunity to lead and shape a maturing cyber risk capability.
High exposure across Technology, Data Privacy, Legal, Procurement, and senior leadership.
Meaningful influence on how the organisation understands and manages cyber risk.
Supportive environment with strong focus on professional development.