Director of Technology & Operational Risk

Requirements

• Significant experience in operational and/or technology risk within financial services, with meaningful exposure to fintech, digital assets, or crypto — gained in a second-line or specialist risk function.
• Deep working knowledge of UK regulation, including MIFIDPRU and FCA expectations for operational resilience, with awareness of the evolving regulatory framework for crypto assets and digital markets.
• Proven track record of designing and operating core risk processes — RCSAs, risk registers, control attestations, incident management — at scale and across global, diversified businesses.
• Experience quantifying operational risk for capital adequacy purposes, including scenario analysis and stress testing.
• Strong grasp of technology risk disciplines, including cyber risk, infrastructure risk, data risk, technology change management, and emerging risks associated with AI systems and crypto infrastructure.
• Track record of engaging in new product and innovation risk processes, providing proportionate second-line input across products at different stages of maturity and scale.
• Track record of presenting to and influencing senior committees and regulators, with the gravitas to challenge constructively at all levels.
• Technically credible — able to engage meaningfully with Technology, Engineering, and Product teams, and translate complex exposures into clear risk language.
• Commercially minded — understands business drivers and calibrates risk management to support, not obstruct, strategic objectives and innovation ambitions.
• Outstanding communicator — able to convey complex risk topics with clarity and authority, both in writing and in person.
• Rigorous and disciplined — brings structure and consistency to risk processes without sacrificing pragmatism.
• Collaborative and influential — builds trusted relationships across functions and operates effectively in a matrixed, global organisation.

What the job involves

• This is a senior, technically substantive role at the heart of IG's second line of defence.
• You will own the design and operation of IG's core operational and technology risk processes — from incident response and control attestations to RCSA facilitation and risk register management — ensuring the framework is both rigorous and commercially informed.
• You will be a subject matter expert who commands credibility with technologists, product teams, and regulators alike — equally comfortable navigating the risk landscape of a global retail trading platform and the emerging challenges of crypto, AI, and digital asset products.
• This is a role for someone who operates at the intersection of technical depth and strategic influence, and who thrives in a fast-moving, innovation-led financial services environment.
• Design and maintain IG's operational risk framework in line with MIFIDPRU requirements and the ICARA process, including quantification of operational risk exposure for capital adequacy purposes.
• Own the end-to-end operational risk event and issue (ORE) lifecycle — identification, recording, root cause analysis, remediation tracking, and lessons learned — ensuring consistent standards across all business lines.
• Design, facilitate, and challenge Risk and Control Self-Assessments (RCSAs) across the organisation, with particular focus on technology, operations, and commercial functions.
• Maintain the operational risk loss database, producing regular management information for Risk Committees and the Board.
• Manage the control attestation process and operational risk registers, driving discipline and accountability across first-line owners.
• Lead second-line oversight of technology risk, covering cyber, infrastructure, data, and change risk, ensuring the risk profile remains within Board-approved tolerances.
• Oversee the incident response framework, providing independent challenge and assurance on first-line incident identification, escalation, and remediation.
• Embed a robust technology risk assessment methodology, partnering with Technology and Operations teams to identify and mitigate emerging risks — including those arising from AI adoption, algorithmic systems, and crypto/digital asset infrastructure — before they crystallise.
• Oversee Business Continuity Management (BCM) and Disaster Recovery (DR) risk assessments and own Crisis Management frameworks, ensuring IG meets its important business service obligations under the Group's operational resilience frameworks.
• Partner with business and product teams on the design and launch of new products — including crypto, digital assets, and AI-powered features — ensuring proportionate risk and control frameworks are established from inception rather than retrofitted.
• Provide credible second-line challenge and guidance across IG's diverse product range, from large-scale retail trading platforms to emerging and scaling fintech propositions, calibrating control expectations to the maturity, scale, and risk profile of each.
• Engage proactively with first-line teams on operational risk considerations in product and technology change programmes, acting as a trusted risk partner without obstructing pace of innovation.
• Maintain awareness of the evolving risk landscape for digital assets, crypto custody, DeFi-adjacent products, and AI-driven decisioning, providing horizon-scanning input to senior leadership and product governance forums.
• Support the annual ICARA process by providing robust operational risk capital calculations, including scenario-based stress testing and quantitative modelling of tail loss events.
• Engage proactively with prudential and conduct regulatory developments, drafting IG's responses to FCA consultations and thematic reviews relevant to technology and operational risk.
• Act as a subject matter expert during regulatory examinations, internal audits, and external reviews, representing the second-line function with confidence and authority.
• Prepare and present risk reports, emerging risk assessments, and thematic reviews for the Risk Committee, Audit Committee, and Board Risk Committee.
• Maintain IG's operational risk policy suite, including the Operational Risk Policy, Outsourcing & Third Party Risk Policy, and Business Continuity Policy.
• Provide second-line oversight and challenge to third-party and outsourcing risk, ensuring material arrangements meet regulatory and internal standards.
• Build and sustain strong working relationships with Technology, Operations, Compliance, Finance, and Front Office, acting as a trusted and commercially grounded risk partner.

Key Deliverables & Outcomes

• A mature, well-governed operational and technology risk framework that withstands regulatory scrutiny, meets Board expectations, and protects against material loss.
• Timely, high-quality MI and risk reporting that enables informed decision-making at committee and Board level.
• A rigorous RCSA process embedded across business lines, with clear ownership and meaningful outputs.
• An incident management framework that drives swift escalation, root cause resolution, and sustainable remediation.
• Robust ICARA-aligned operational risk capital quantification, including credible stress-testing scenarios.
• A policy suite that is current, proportionate, and actively applied across the organisation.
• Effective second-line challenge to first-line technology and outsourcing risk management.
• Proportionate, well-designed risk and control frameworks for new and scaling products, including crypto and AI-enabled propositions.