Director LCH Ltd Technology Risk & Controls in London

Locations: London, United Kingdom

Time type: Full time

Posted on: Posted Today

Job requisition id: R

LSEG (London Stock Exchange Group) is more than a diversified global financial markets infrastructure and data business. We are dedicated, open-access partners with a commitment to excellence in delivering the services our customers expect from us. With extensive experience, deep knowledge and worldwide presence across financial markets, we enable businesses and economies around the world to fund innovation, manage risk and create jobs.

Our culture of connecting, creating opportunity and delivering excellence shape how we think, how we do things and how we help our people fulfil their potential. We embrace diversity and actively seek to attract individuals with unique backgrounds and perspectives. We break down barriers and encourage teamwork, enabling innovation and rapid development of solutions that make a difference.

Role Purpose:

• Responsible for reporting and managing the LCH LTD Technology Risk Profile in the context of its Risk Appetite on behalf of the LCH LTD CIO.
• Oversee Critical intra-group outsourcing arrangements.
• Lead and mature LCH Ltd’s first-line Technology Risk & Controls function across application, infrastructure, cloud and cyber domains.
• Ensure control design and operating effectiveness meet the CCP’s obligations and LSEG group standards.
• Drive delivery against key enhancement and assurance, provide authoritative risk insight to LCH executives and the Board.
• Drive refinement of assurance management practices so that assurance activities are consistently risk-based and aligned with risk appetite.

Key Responsibilities:

• Technology Control Design & Assurance: Own the first-line technology controls library (apps, infra, cloud, cyber) for LCH Ltd; define control objectives, procedures and metrics. Partner with BSL (Group Infrastructure & Cyber) to track LCH-owned controls and deliver the uplift programmes for identified core controls. Co‑chair technology risk reviews in CAB/technical change forums in conjunction with LCH Production Management and Architecture; enforce entry criteria, quality gates, and business approvals. Embed Group Delivery Disciplines (architecture‑led, data‑led, engineering‑led, STP design, etc.) into technology risk checkpoints for programmes and releases.
• Regulatory & External Stakeholder Engagement: Coordinate technology risk contributions to Operational Risk Committee and executive risk governance. Prepare updates on emerging risks (e.g., quantum/AI).
• Third-Party Risk: Oversee TPRM for external and internal/intra-group technology suppliers—financial stability, Controls/KRI, SII, audit actions, end‑of‑life/patching—working with procurement, TPRM and second line risk. Oversee the management of intragroup critical outsourcing arrangements with BSL (Infrastructure and Cyber). Integrate cloud risk controls and assurance with LSEG Markets & Risk governance rhythms.
• People & Operating Model: Build and lead a diverse team (engineering, risk assurance, data) with clear roles and development paths. Clarify control ownership and RACI across first/second line; mentor control owners and ensure succession coverage. Interact closely with Divisional Risk teams (2LoD), Group Technology Risk & Control team (1LoD), and with LCH LTD and 1st line technology teams. Emphasis on influencing teams to enhance their risk management culture.

Key Outcomes (12–18 months):

• Control Library Alignment & Uplift: deliver prioritized uplift of control design and operating effectiveness to agreed target states.
• Resilient Change Delivery: Close gaps in change governance/CAB (entry criteria, quality gates, business accountability) to reduce risk of production incidents linked to change.
• Transparent Risk Reporting: Embed residual-risk and thematic reporting (beyond KPI/RAG) in resilience governance, with consistent sampling/testing guidance.
• Third‑Party & Cloud Risk: Strengthen TPRM and cloud risk controls in step with LSEG Markets & RI cadence.
• People & Operating Model: Build a high‑performing risk & controls team aligned to the BCO target operating model; clarify control ownership and RACI across first and second lines.

Required Experience:

• Senior leadership in Technology Risk/Controls within regulated Financial Market Infrastructure or Tier‑1 financial services.
• Ownership of control libraries and assurance programmes; familiarity with CEP, NIST CSF/CRI, ITIL/COBIT, ISO 27001.
• Hands‑on change governance/CAB leadership in complex platforms; remediation of systemic gaps.
• Operational resilience and incident management expertise; experience presenting to executive and regulatory bodies.
• Cloud risk oversight and third‑party risk management across critical vendors.

Qualifications & Certifications (preferred):

• CRISC, CISM, CISSP, ISO 27001 Lead Auditor/Implementer, ITIL Expert.
• Degree in Computer Science/Engineering or equivalent experience.

Skills & Attributes:

• Risk intellect with engineering credibility; able to translate risk into design‑level control changes.
• Influence & communication: concise executive storytelling and pack preparation for boards/committees.
• Delivery discipline: embeds Group Delivery Disciplines and measurable KPIs.
• Stakeholder management: collaborates across first/second line, BSL, programme delivery and product technology.

Join us and be part of a team that values innovation, quality, and continuous improvement. If you’re ready to take your career to the next level and make a significant impact, we’d love to hear from you.