Director, Technology, Cyber & Resilience Risk

Leads the Technology Risk & Operational Resilience capability across DSM, FX, and Risk Intelligence, accountable for the first-line risk and control environment, ensuring it operates within defined risk appetite and meets regulatory expectations. Drives risk-informed engineering delivery, embedding robust controls, resilience practices, and data-led assurance across platforms. Reports to Head of Business Management, Markets & Risk Intelligence Engineering.

Core Accountabilities

• Risk & Control Ownership
  • Own the first-line technology risk profile, ensuring alignment to divisional risk appetite.
  • Own the technology control framework and library (applications, infrastructure, cloud, cyber).
  • Define control standards, testing approaches, and assurance mechanisms.
  • Drive remediation of control gaps, including systemic risk issues.
• Operational Resilience
  • Own first-line implementation of operational resilience frameworks, including: Important business services (IBS), Impact tolerances, Scenario testing and resilience validation.
  • Ensure resilience is embedded into architecture, engineering and change processes.
  • Partner with 2LOD to ensure alignment with regulatory expectations (e.g. DORA, UK OpRes).
• Risk Governance & Decisioning
  • Lead 1LoD technology risk governance forums.
  • Provide independent first-line challenge to engineering, architecture, and product teams.
  • Escalate and drive resolution of material risk decisions and breaches (i.e. major incidents, material audit findings).
  • Provide clear, data-driven risk and impact assessments to product owners in business-led risk forums/committees.
• Regulatory, Audit & External Engagement
  • Own first-line response to audit and regulatory reviews, including: Issue ownership and remediation tracking, Evidence provision and assurance quality.
  • Provide technology risk insight to executive committees and Boards.
  • Monitor external regulatory developments and emerging risks to drive required changes.
• Third Party & Cloud Risk
  • Own oversight of technology third-party risk, including: Critical suppliers and intra-group dependencies (i.e. IRQ, DDQ validation and remediation of gaps), Control effectiveness, TPRM lifecycle and exit risks.
  • Ensure alignment of cloud risk controls with enterprise standards.
  • Partner with Infrastructure & Cyber (BSL) with clear accountability boundaries for technology services to supported entities.
• Risk Data, MI & Reporting
  • Own risk reporting and insight across DSM, FX, and RI.
  • Define and govern KRIs, KPIs and control effectiveness metrics (KCIs).
  • Ensure availability of accurate, decision-ready risk data.
  • Drive adoption of data-led risk management across engineering teams.
• Leadership & Operating Model
  • Lead and develop a high-performing technology risk team.
  • Define clear roles, responsibilities, and RACI across first and second lines.
  • Build risk capability across engineering, not just within the function.
  • Act as a senior leader influencing culture, behaviours, and delivery outcomes.

Required Experience

• Senior leadership in technology risk within regulated financial services.
• Ownership of control frameworks aligned to recognised standards (NIST, ISO, COBIT).
• Strong track record in risk governance and remediation of systemic issues.
• Operational resilience and incident management expertise.
• Experience engaging with regulators and executive stakeholders.
• Cloud and third-party risk oversight.

Qualifications & Certifications (preferred)

• CRISC, CISM, CISSP, ISO 27001 Lead Auditor/Implementer, ITIL Expert.
• Degree in Computer Science/Engineering or equivalent experience.

Skills & Attributes

• Combines deep risk expertise with engineering credibility.
• Strong decision-making and challenge capability, not just advisory.
• Highly effective in executive communication and regulatory engagement.
• Drives delivery discipline through measurable outcomes.
• Builds alignment across complex stakeholder landscapes.

Career Stage: Director