We can consider hybrid or fully remote work in the UK.
We’re looking for a self-motivated and driven individual with a passion for technology risk management who is looking for an exciting role as a technology risk subject matter expert within the second line of defence (2LoD) Chief Risk Office.
You will provide expertise, advice and independent challenge around the Technology risk and control environment and play a crucial role in developing the technology risk strategy to protect Aztec from technology-related threats while enabling business growth and innovation.
This role offers the successful candidate extensive opportunities for development and the opportunity to apply their knowledge of technology risk at a senior level within a financial services environment.
Key responsibilities:
* Development and delivery of Aztec’s technology risk strategy in line with the ERMF and the Chief Risk Office roadmap, regulatory requirements and industry best practice, such as COBIT5 / ITIL.
* Ensure that key strategic risks and controls associated with cloud infrastructure, AI, data management, and wider digital transformation are appropriately covered within the ERMF.
* Develop, monitor and challenge the effectiveness of risk appetite and Key Risk Indicators (KRIs).
* Work with the Chief Risk Office and Technology Leadership to establish a robust risk governance model for managing Technology risks.
Risk Identification, Assessment and Mitigation
* Lead the 2LoD oversight of Technology risks including identifying, assessing and monitoring risks related to technology infrastructure, cyber security, data, AI and resilience.
* Oversee and challenge the Technology risk and control environment, including both their Principal and Risk and Control Self-Assessment (RCSA) processes.
* Conduct independent assurance reviews where necessary to assess the design and application effectiveness of technology controls.
* Lead the 2LoD oversight of the management of technology vendor risks ensuring that key technology vendors have appropriate controls in place to maintain their robustness and resilience.
* Oversee technology issues management and risk acceptance processes.
* Lead on the 2LoD review of material Technology Incidents and Risk Events, ensuring that actual / potential losses, fix details and root cause analysis are reported in a timely and accurate manner within risk governance.
* Strategic challenge of 1LoD identification and evaluation of risks associated with technology regulatory change and compliance (e.g., DORA, EU Artificial Intelligence Act).
* Strategic challenge of 1LoD risk mitigation strategies.
Risk Reporting and Insights
* Timely and meaningful production of 2LoD risk reports, dashboards and insights for various levels of risk governance (e.g., executive and board level committees) highlighting key vulnerabilities and the appropriateness of mitigation strategies.
* Escalate material technology risks and issues within the Chief Risk Office and to wider risk governance and recommend appropriate mitigation.
* Provide insightful, data-driven technology risk analysis to support risk-based decision-making.
* Report emerging technology risks within risk governance as part of integrated risk reporting.
* Provide subject matter expertise on emerging technology risks, including cloud security, AI, operational resilience, and data privacy.
Risk Culture and Awareness
* Take a lead role in embedding a strong risk culture across Technology functions.
* Drive risk maturity within Technology functions and regularly assess against Aztec’s Risk Maturity Model, reporting outcomes / areas of focus within risk governance.
* Make risk meaningful and relevant to key stakeholders through training and awareness materials and sharing best practices in clear, easy-to-understand language.
* Deliver training programmes on technology, cyber, and resilience risks.
* Strategic challenge of Aztec’s technology, data, AI and cyber security strategies, and be able to articulate and assess the associated risks.
* Lead 2LoD oversight on Technology-related transformation initiatives, including attendance at project SteerCos to provide independent challenge and advice.
* Act as a subject matter expert on AI including providing effective 2LoD oversight and challenge on the implementation of Aztec’s AI strategy and AI Risk Management Framework.
Stakeholder Management / Line Management
* Be a trusted 2LoD partner to Technology functions cultivating effective relationships and networks and be seen as an escalation point for technology risk-related queries and advice.
* Partner with 1LoD business colleagues to enhance resilience, mitigate technology and cyber risks, and integrate risk considerations into Technology strategy and operations.
* Provide thought leadership to clients and other senior stakeholders.
* Attend risk governance committees as a senior Chief Risk Office representative including the Information Security Forum and Data Governance and AI Committee.
* Represent, as required, the Chief Risk Office as the technology risk SME at executive and board level risk committees.
* Be a 2LoD contact point for auditors, clients, and other external stakeholders.
* Actively manage the performance and development of direct reports ensuring a structured and motivating environment and results-driven approach.
Skills, knowledge, expertise:
Qualifications and experience
* Prior experience within a financial services or Fintech environment.
* Educated to degree level in a relevant subject and/or hold a technology professional qualification.
* Deep technical knowledge of technology-related regulation (e.g., DORA, GDPR, EU AI Act).
* Experience with third-party and outsourcing risk, AI and digital transformation risks.
* Experience of developing and operating Technology Risk Management Frameworks such as ITIL, COBIT, NIST, ISO.
* Demonstrable extensive relevant experience of technology and change/operational risk in either a 1LoD or 2LoD capacity (2LoD preferable).
* Experience in scenario analysis and resilience impact assessments would be advantageous.
Core skills and competencies
* A strong working knowledge of Microsoft products including Excel and Word, strong analytical skills and ability to provide risk intelligence analysis.
* Highly developed written and verbal communication skills and demonstrable experience interfacing with senior stakeholders to establish relationships and become a trusted advisor.
* An ability to apply technical knowledge in a practical and balanced manner and balance commercial issues and business objectives within the confines of the ERMF.
* Independently minded and able to challenge constructively and professionally.
* Results-oriented, self-motivated, capable of planning and managing own workload and negotiating, influencing and building consensus in a challenging environment.
* Advanced presentation skills including the use of Microsoft PowerPoint and ability to produce concise Executive-level risk reports.
We will provide training, both in-house for relevant technical knowledge and towards professional qualifications, to enhance your professional development. You will need to be quick to learn new systems and great with people, as close working relationships between our colleagues and clients are at the heart of what we do.