Technology, Resilience and Security Risk Manager

This role will focus on analysing, developing and maturing TrinityBridge's IT Governance and alignment with industry-standard frameworks, ensuring our ability to resiliently safeguard our clients, our people, and their assets. The role contributes to the ongoing development and evolution of the enterprise-wide technology, resilience, and security governance strategy, ensuring alignment with business objectives and regulatory requirements. This colleague will be responsible for providing regular updates and recommendations to the C-suite on governance, risk, and compliance matters as required.

RESPONSIBILITIES

• Governance

• Analysing existing TrinityBridge Technology, Security and Resilience (TRS) Governance to identify and close gaps and improvement opportunities.
• Ownership of the governance lifecycle of TrinityBridge's policy and standards relating to TRS.
• Ownership of monthly risk reporting and KRIs/KPIs across TRS.
• Ownership of Risk and Control Registers across TRS.
• Reporting on risk items across all avenues in a timely and appropriate manner across governance forums, ensuring affected stakeholders are informed.
• Developing and maintaining TRS risk appetite statements, MI, KPIs and KRIs in conjunction with the Operational Risk team, to ensure TrinityBridge report with clarity on operation within the agreed tolerance.
• Produce full gap analysis reports on areas of improvement and risk, to support risk and cost reduction and strategy delivery, recommending thorough mitigation plans including justification for options considered.
• Own, chair and shape the future of the Cyber and Resilience Risk committee (CRC) and sub-CRC - monthly forums presenting the TRS risk position, risk acceptances, approvals and actions to the CISO and COO and TRS leadership team.
• Independent review of problem management, incident management and KRIs to provide proposals and recommendations on continuous improvement and optimal performance of the enterprise function.
• Ownership of TRS risk assessment of third and fourth parties through the established third party management team.
• Monitor emerging regulatory requirements and ensure governance frameworks are updated accordingly.
• Define, review, and evolve key metrics (MI, KPIs, KRIs) to ensure they remain relevant and actionable.

• Working closely with the TRS leadership team to assure weekly project status reports, ensuring accuracy of TRS' business change governance across the enterprise.
• Responsible for appropriate application of all business and technology change from a cyber and information security perspective.
• Ensuring TRS Governance is adhered to throughout business as usual (BAU) operation and business change, utilising the mature operational processes already in place.
• Act as an interface between business change and TRS leadership where deviations to process and risk acceptances may be necessary.

• Responsible for TrinityBridge's strong cyber and information security culture, acting as the 'de-facto' expert on cyber and information security for the business.
• Independently able to produce comprehensive write ups of current risks and threats as they develop, producing expedient updates as situations change and span different threat vectors.
• Proactively report upwards on emerging cyber and data risks and threats, providing a view through a business lens on potential impacts.
• Responsible for monthly robust, traceable and risk-led MI on cyber and information security performance against governance frameworks and risk appetite.

• Operate with respect, diversity and inclusion principles as a key tenet of your role.
• Develop a culture of continuous improvement and appraisal as a foundation for excellent organisational performance, including operating within the firm's people policies and processes.
• Build and develop relationships with organisation-wide peers.

• Ability to demonstrate an understanding of the regulatory framework relevant to the role, whilst practising effective risk management taking account of outcomes for clients.
• Experience in working in risk management roles with sole responsibility for risk areas.
• Whilst being hands-on technical is not required, a fundamental understanding of Cyber/Information Security, resilience and technical risk is required.
• Pragmatic and able to work collaboratively to find solutions.
• Excellent writing comprehension and ability, with a drive to improve existing documents and processes.
• Excellent verbal communication skills, operating with empathy and psychological safety.
• Able to clearly articulate how stakeholders comply with requirements/expectations set by regulators, auditors, organisational risk appetite, senior management and the board.
• Experience in gathering, analysing and structuring data using Microsoft and AI tools.
• Experience in the development and production of dashboards and reports, including MI, KPIs and KRIs.
• Ability to work independently within a defined remit, managing schedule and multiple objectives.
• Ability to collaborate effectively with colleagues at all organisational levels.

• Working as a cyber security and technology risk manager at a financial services organization.
• Possess a working understanding of industry standard frameworks and concepts such ISO27001, SOC Type I & II, ITIL, COBIT, Agile, NIST, CMMI.
• CISM or business analysis certification or qualification.