At a Glance
- Tasks: Lead tech risk management strategies and enhance compliance in a dynamic environment.
- Company: Join a forward-thinking firm focused on technological resilience and innovation.
- Benefits: Competitive salary, diverse workplace, and opportunities for professional growth.
- Other info: Diverse and inclusive workplace with a commitment to employee well-being.
- Why this job: Shape the future of tech risk strategy and make a real impact.
- Qualifications: Experience in technology risk management and strong leadership skills required.
The predicted salary is between 70000 - 90000 £ per year.
Join a role that's central to our technological resilience, offering a unique opportunity to shape the firm’s tech risk strategy and enhance industry compliance. As a Technology Risk and Controls Lead within our Cloud Foundational Services Function, you will be passionate about operational risk management and control solutions for computing environments. You will partner with one or more disciplines, lines of business, regions and locations to respond to evolving business requirements and emerging threats. You will leverage your expert knowledge of today’s ever-changing technology risk landscape and controls environment to advise and support IT operations across the firm.
You will partner with process owners to respond to internal and external audit and regulatory requests for information, while ensuring senior stakeholders are kept updated on the risk posture for the organization. You will report directly to the Technology, Risk & Controls Portfolio Lead and will be responsible for a small team.
Lead the strategic development and implementation of technology risk management in a dynamic, evolving tech landscape. You’ll work with partners across the firm to spot new risks, strengthen day‑to‑day controls, and keep leaders informed on overall risk health. You’ll also coordinate responses to audits and regulatory requests, and guide IT teams on security, resiliency, and high‑availability design. The role covers key areas like access management, incident response, vulnerability management, and data protection, with a strong understanding of public cloud environments.
Job responsibilities
- Develop and implement technology risk management strategies, policies, and processes to identify, assess, and mitigate risks, and drive strategic projects and initiatives to enhance the firm’s technology risk management capabilities, in line with industry best practices and the firm’s standards and regulatory requirements.
- Set reuse‑first expectations for enterprise‑authorized AI adoption within the work environment across technology risk and controls operations to accelerate evidence synthesis, issue analysis, and executive reporting, with human‑in‑the‑loop validation and appropriate handling of sensitive data.
- Identify and upscale emerging and upstream technology risk through execution of the Firm’s management framework tools, including risk event management, reporting, and action plan tracking, and provide expert counsel to stakeholders and constituents regarding their security obligations, facilitating acceptable outcomes.
- Establish and maintain strong relationships with internal and external stakeholders, including key cross‑functional team leads, regulators, and auditors, to ensure compliance with legal, regulatory, and industry standards.
- Manage reporting and governance of overall controls, policies, issue management, and measurements, providing insight to senior leaders into effectiveness of controls and inform governance work.
- Establish governance standards for AI‑assisted workflows used in risk reporting and issue/action‑plan management, ensuring traceability/auditability and alignment to security, resiliency, and regulatory expectations.
- Direct oversight and management of Audits for Cloud Foundational Services.
- Support and advise process owners in managing operational risk and provide transparency to stakeholders.
- Ensure alignment with regulatory and firmwide control obligations and industry standards.
- Audit engagement and response management.
Required qualifications, capabilities, and skills
- Significant experience or equivalent expertise in technology risk management, information security, or a related field, with a focus on managing risk identification, assessment, and mitigation.
- Demonstrated experience leading safe adoption of enterprise‑authorized AI capabilities within the work environment within technology risk and controls workflows, including validation practices and awareness of data sensitivity.
- Ability to define review/approval and escalation expectations for AI‑assisted recommendations while maintaining security, auditability, and regulatory compliance outcomes.
- Demonstrated expertise in risk management frameworks, industry standards, and regulatory requirements relevant to the financial industry.
- Proven ability to lead large teams, manage cross‑functional projects, influence executive‑level strategic decision‑making, and effectively translate technology insights to business strategy in communications with senior executives.
- Advanced knowledge and experience leading data security, risk assessment & reporting, and control evaluation, design, and governance, with a track record of implementing effective risk mitigation strategies.
- Bachelor’s degree or equivalent experience.
- Strong leadership skills with exceptional communication and presence.
- Advanced knowledge of multiple IT control and project management practices and experience working across large environments.
- Ability to collaborate with high‑performing teams and individuals throughout the firm to accomplish common goals.
- Expertise in application and infrastructure high‑availability and resiliency architectures with demonstrated experience in business.
- Proficiency in information security domains, including policies and standards, risk and control assessments, access controls, regulatory compliance, technology resiliency, risk and control governance and metrics, incident management, secure systems development lifecycle, vulnerability management, and data protection.
- Understanding of Public Cloud environments.
We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, colour, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. We also make reasonable accommodations for applicants’ and employees’ religious practices and beliefs, as well as mental health or physical disability needs.
Tech Risk and Controls Director - Audit in Glasgow employer: 慨正橡扯
At 慨正橡扯, we pride ourselves on being an exceptional employer that champions innovation and collaboration in the field of Behavioral Economics and Retirement Research. Our hybrid working model not only offers flexibility but also nurtures a vibrant work culture where employees are encouraged to grow and develop their skills through meaningful projects and leadership opportunities. Join us in Europe, where your expertise will directly contribute to enhancing investor outcomes and shaping impactful business strategies.