We're looking for an experienced Technology Risk & Resilience Manager to join our second line risk in London, United Kingdom or Dublin. In this pivotal role you will:
- Provide independent second line oversight and credible challenge of Technology Risk (Information Technology and Information Security) within the firm, ensuring effective integration of technology risk into the overarching second line Risk Management Framework, including alignment with DORA third-party risk and service resilience expectations.
- The role will not own or operate technology risk controls but will assess, challenge and provide assurance over how technology risks are identified, managed and reported by the first line.
Key Roles & Responsibilities
Second Line Oversight & Framework Integration
- Define and embed Technology Risk (IT & Information Security) appropriately within the Operational Risk Taxonomy and Framework, ensuring clear, documented delineation of 1LOD vs 2LOD accountability in line with the company's governance models.
- Provide independent 2LOD oversight of the Technology Risk Management Framework, assessing its alignment and interdependency with first-line control frameworks (e.g. Third-Party Risk Management, IT Controls, Cybersecurity, etc.) and ensuring coherence with second line Operational Risk and Resilience frameworks.
- Support the maturation of a consistent service-based view of technology risk by challenging 1LOD mapping of applications, infrastructure and third-party ICT services to internal and client-facing business services.
Risk Identification, Assessment & Challenge
- Review and challenge first line identification and assessment of technology risks, including (i) application risk, (ii) infrastructure dependencies, (iii) information security risks and (iv) third-party technology dependencies, ensuring consistency with the company's risk taxonomy and regulatory expectations.
- Assess the quality, completeness and consistency of Technology Risk Registers, control inventories, incident remediation activities and impact analysis.
- Provide credible 2LOD challenge where risk assessments, severity ratings or residual risk conclusions are not sufficiently supported.
Operational Resilience
- Support integration of technology risk into the firm's Operational Risk & Resilience frameworks, including regulatory/jurisdictional aligned frameworks, including:
i) mapping of technology dependencies to important business services
ii) assessment of ICT/technology-related incidents and materiality thresholds
iii) align on incident classification and escalation decisions with reporting standards, ensuring impacts, both technically and operationally, are appropriately assessed and captured on associated incident reporting portals.
- Provide second line review and challenge of technology-related incidents, including severity, client impact and regulatory reporting considerations.
- Contribute and support with resilience testing and scenario analysis from a technology dependency perspective.
Third Party & Technology Dependency Risk
- Provide 2LOD oversight of technology-related third-party risks, ensuring:
i) appropriate risk identification where services rely on externally procured applications or infrastructure
ii) alignment between Technology Risk and Third-Party Risk Management outcomes
- Review dependency and concentration risk associated with critical technology vendors.
Change & Control Environment Oversight
- Provide oversight and challenge of technology-related change activities, including:
i) IT BAU change, including change risk assessments and post-implementation validations
ii) technology elements of business change
iii) changes impacting critical services or client-facing platforms
- Conduct thematic reviews of incidents, audit findings or control weaknesses and assess whether these indicate systemic risk or control gaps.
Governance & Reporting
- Draft and peer review committee papers and support, where required, the delivery of periodic reporting to management and governance forums.
- Deliver on annual requirement to report and present the second line technology framework (i.e. annual DORA attestation), as well as contribute risk reporting on technology risk themes for senior management and risk committees.
- Translate technical risk information into clear business-relevant risk insights for non-technical stakeholders.
- Support the Head of Risk in setting, monitoring and challenging technology-related risk appetite.
Stakeholder Engagement & Collaboration
- Partner with senior first line leaders and control functions to embed risk and resilience principles in business planning and oversee and support the development of technology risk reporting.
- Candidate should be comfortable facing challenges from CISO/CIO/CTO levels, in addition to demonstrated ability to manage relationships within a parent company structure involving cross-collaboration within Risk, such as Enterprise Data Operational Risk & Resilience.
Qualifications:
Education Requirements
- Post-secondary degree in technology, business or a related discipline, plus qualification in CRISC, CISSP, CISM
- Fluency with frameworks such as NIST CSF, ISO 27001 / 27002, COBIT to facilitate an oversight role
- Professional qualification in risk or a related discipline would be preferred but not essential
Work Experience
- 10 years' experience operating in a second line or independent risk oversight role overseeing Technology Risk, IT Risk, Cyber Risk in a financial institution or compatible industry
- Experience within governance oversight programs of IT Architecture, Application and EUC development and deployment
- Strong knowledge of: (i) technology risk concepts, (ii) information security risk, (iii) third-party technology risk, (iv) operational resilience principles, (v) corporate insurance
- Familiarity with information management frameworks through the lens of technology risk (inclusive of cyber and information security)
- Experience engaging credibly with senior technology and business stakeholders
- Strong written and verbal communication skills, particularly in translating technical issues into business risk
Functional/Technical Skills and Knowledge Requirements
Essential
- Experience with DORA, operational resilience or similar regulatory regimes
- Experience working in fund services, asset servicing or regulated financial services
- Exposure to multi-entity or cross-jurisdictional regulatory environments (e.g. Ireland / Cayman)
- Proactive, solution-oriented mindset with the ability to work effectively in a fast-paced environment.
- Advanced proficiency in Microsoft Excel and experience of onboarding new systems / technology are preferred
- Strong IT skills with strengths in Microsoft Office products
Preferred
- Proficiency in Power BI, Tableau and Power Apps for data visualisation and dashboard creation.
- Experience with Excel, SharePoint and Microsoft 365 tools for workflow automation
Additional Information:
Take a look at our careers site and you'll find everything you'd expect from a career with the fastest-growing business at one of the world's largest financial groups. Now take another look. Because it's how we defy expectations that really defines us. You'll feel that difference in all kinds of ways. Our vibrant CULTURE. Connected team. Love of innovation, laser client focus and next-level LEARNING & DEVELOPMENT. Oh, and we really walk the talk when it comes to HYBRID WORKING.
So why settle for the ordinary? Apply now for a Brilliantly Different career.
We thank all candidates for applying; however, only those proceeding to the interview stage will be contacted.
Remote Work:
No
Employment Type:
Full-time