Technology Governance, Risk & Compliance (GRC) Lead/Manager

Reporting to the Technology Governance Manager within the Data & Technology Risk Assurance Team, the Technology Governance Lead is responsible for developing and implementing an enhanced Data & Technology Governance framework covering all SMF24 areas including cybersecurity, information technology, business resilience and third-party risk management. The Governance Lead works alongside the Technology Governance Manager to oversee Data & Technology risk governance initiatives, engaging with key stakeholders.

Responsibilities include:

• Designing and implementing governance processes.
• Overseeing and driving improvements to these processes through automation and tooling to ensure a single source of truth.
• Preparing reports for EUI and Technology Risk and Compliance Committees.
• Collaborating closely with Subject Matter Experts to achieve effective outcomes.
• Advancing the maturity of the Data & Technology Controls Framework.
• Overseeing the Policy and Standards suite.
• Serving as the primary authority and advisor on matters relating to exceptions to standards.
• Overseeing compliance activities, ensuring responses are validated, communicated, and documented accurately.
• Providing specialised expertise and strategic guidance within the team.
• Supporting the Data & Technology department and business units across all SMF24 areas.

Main Duties:

• Lead the ongoing development of and improvements to data, technology and resilience policies, standards, and controls.
• Monitor emerging legislation and regulatory requirements for SMF24 areas, providing impact assessments to EUI.
• Prepare reporting documentation for EUI and Technology Risk and Compliance Committees.
• Offer guidance on policies, standards, and controls as needed.
• Advise stakeholders on relevant matters.
• Design and implement effective governance processes and oversee improvements to these processes through automation and tooling, ensuring a single source of truth.
• Coach and mentor Technology and GRC Governance Analysts.
• Provide mentorship to users on governance processes.
• Embed governance processes throughout EUI.
• Make recommendations regarding exceptions and ensure associated risks are reported and tracked.
• Oversee responses to third‑party and regulatory questionnaires.
• Review attestations related to Data & Technology Group and EUI Policies.
• Ensure readiness for internal audits and supervise action tracking and reporting.

Key Skills, Qualifications and Experience:

• Possess extensive knowledge of Data & Technology governance frameworks, earning recognition as an expert within the organisation.
• At least five years’ experience in a Technology Governance, Risk, and Compliance position.
• Demonstrated ability to design and implement governance frameworks.
• Familiarity with widely accepted best practice frameworks such as COBIT, ISF, ITIL, and ISO.
• Proven experience in developing Data & Technology controls, policies, and standards.
• Make effective decisions independently, grounded in a thorough understanding of business challenges and issues.
• Communicate clearly and appropriately across all employee levels; capable of explaining technical topics to both technical and non-technical audiences.
• Apply clear, efficient, and logical strategies to address problems step by step.
• Understand customer priorities and demonstrate a commitment to meeting their expectations.