Technology, Resilience and Security Risk Manager

OVERALL SUMMARY

This role will focus on analysing developing and maturing TrinityBridges IT Governance and alignment with industry-standard frameworks ensuring our ability to resiliently safeguard our clients our people and their assets.

The role contributes to the ongoing development and evolution of the enterprise-wide technology resilience and security governance strategy ensuring alignment with business objectives and regulatory requirements.

This colleague will be responsible for providing regular updates and recommendations to the C-suite on governance risk and compliance matters as required.

RESPONSIBILITIES

Governance

Responsible for:

• Analysing existing TrinityBridge Technology Security and Resilience (TRS) Governance to identify and close gaps and improvement opportunities.
• Ownership of the governance lifecycle of TrinityBridges policy and standards relating to TRS.
• Ownership of monthly risk reporting and KRIs/KPIs across TRS.
• Ownership of Risk and Control Registers across TRS.
• Reporting on risk items across all avenues in a timely and appropriate manner across governance forums ensuring affected stakeholders are informed.
• Developing and maintaining TRS risk appetite statements MI KPIs and KRIs in conjunction with the Operational Risk team to ensure TrinityBridge report with clarity on operation within the agreed tolerance.
  
• Produce full gap analysis reports on areas of improvement and risk to support risk and cost reduction and strategy delivery recommending thorough mitigation plans including justification for options considered.
  
• Own chair and shape the future of the Cyber and Resilience Risk committee (CRC) and sub-CRC- monthly forums presenting the TRS risk position risk acceptances approvals and actions to the CISO and COO and TRS leadership team.
  
• Independent review of problem management incident management and KRIs to provide proposals and recommendations on continuous improvement and optimal performance of the enterprise function.
  
• Ownership of TRS risk assessment of third and fourth parties through the established third party management team.

• Monitor emerging regulatory requirements and ensure governance frameworks are updated accordingly.
  
• Define review and evolve key metrics (MI KPIs KRIs) to ensure they remain relevant and actionable.
  

Programme delivery

Responsible for:

• Working closely with the TRS leadership team to assure weekly project status reports ensuring accuracy of TRS business change governance across the enterprise.
• Responsible for appropriate application of all business and technology change from a cyber and information security perspective.
• Ensuring TRS Governance is adhered to throughout business as usual (BAU) operation and business change utilising the mature operational processes already in place.
• Act as an interface between business change and TRS leadership where deviations to process and risk acceptances may be necessary.

Communication Reporting & Culture

• Responsible for TrinityBridges strong cyber and information security culture acting as the de-facto expert on cyber and information security for the business.
• Independently able to produce comprehensive write ups of current risks and threats as they develop producing expedient updates as situations change and span different threat vectors.
• Proactively report upwards on emerging cyber and data risks and threats providing a view through a business lens on potential impacts.
• Responsible for monthly robust traceable and risk-led MI on cyber and information security performance against governance frameworks and risk appetite.

People

• Operate with respect diversity and inclusion principles as a key tenet of your role.
• Develop a culture of continuous improvement and appraisal as a foundation for excellent organisational performance including operating within the firms people policies and processes.
• Build and develop relationships with organisation-wide peers.
  

Regulatory responsibilities Compliance/T&C

• Ability to demonstrate an understanding of the regulatory framework relevant to the role whilst practising effective risk management taking account of outcomes for clients.
  
• Understand follow and demonstrate compliance with all relevant internal and external rules regulations and procedures that apply to the conduct of the business. Follow principles and rules of the Financial Conduct Authority (FCA) and the internal requirements set out in the Compliance Manual local and Group Compliance and Risk policies.
  

WE WOULD LOVE TO HEAR FROM YOU IF:

• Experience in working in risk management roles with sole responsibility for risk areas.
• Whilst being hands-on technical is not required a fundamental understanding of Cyber/Information Security resilience and technical risk is required.
• Pragmatic and able to work collaboratively to find solutions.
• Excellent writing comprehension and ability with a drive to improve existing documents and processes.
• Excellent verbal communication skills operating with empathy and psychological safety.
• Able to clearly articulate how stakeholders comply with requirements/expectations set by regulators auditors organisational risk appetite senior management and the board.
• Experience in gathering analysing and structuring data using Microsoft and AI tools.
• Experience in the development and production of dashboards and reports including MI KPIs and KRIs.
• Ability to work independently within a defined remit managing schedule and multiple objectives.
• Ability to collaborate effectively with colleagues at all organizational levels.

• Desirable:

• Working as a cyber security and technology risk manager at a financial services organization
  
• Possess a working understanding of industry standard frameworks and concepts such ISO27001 SOC Type I & II ITIL COBIT Agile NIST CMMI
  
• CISM or business analysis certification or qualification

At TrinityBridge we look to recruit individuals from all different backgrounds and encourage you to apply even if you dont tick every box. We celebrate diversity promote inclusivity and are open to discuss flexible work options to help you balance your work and home life.

We appreciate that from time to time recruitment agencies will have speculative CVs that they may wish to submit to our Talent Acquisition team in relation to a specific role.

To avoid any ambiguity around fees please note thatspeculative CVs received by TrinityBridge that have not been authorised in advance by us will be ineligible for an agency fee. Thank you.

#LI-EM1 #LI-SY1 #LI-JJ1

At TrinityBridge we are all connected by our mission to be the best place in the UK for wealth professionals and their clients.

We believe that everyone should think ahead have a financial plan and invest wisely. Our clients are professionals business owners individuals charities families and employers who rely on our clear financial advice and investment management services to preserve and grow their long-term savings and investments.

We are a team of about 900 people based in 15 offices across the UK. Our geographic footprint means we can combine a local approach with face-to-face services to enable strong long-term relationships with our clients.

Sustainability is fundamental to our purpose and we have a responsibility to help address the social economic and environmental challenges facing our business colleagues and clients. We strive to do the right thing and are dedicated to helping the charities that matter most to our people.

We offer a wide range of inclusive benefits that provides our people with all the support they need to find a healthy balance in all aspects of their lives. We also invest in the growth of our people providing a sense of belonging and team spirit and the ability to thrive.

We recruit people from all backgrounds and are open to discussing all types of flexible working options helping our people to balance work and home life and make practical choices for wellbeing while delivering impact where it matters all of which contributes to our exceptional client experience.

We are committed to ensuring our recruitment process is accessible to everyone. We make adjustments for people who have a disability or long-term condition so if you need a job description or application form in an alternative format or would like to discuss the recruitment process with us please get in touch at.