Director of Technology, Cyber & Resilience Risk

Leads the Technology Risk & Operational Resilience capability across DSM, FX, and Risk Intelligence, accountable for the first-line risk and control environment, ensuring it operates within defined risk appetite and meets regulatory expectations.

Responsibilities

• Drives risk-informed engineering delivery, embedding robust controls, resilience practices, and data-led assurance across platforms.
• Own the first-line technology risk profile, ensuring alignment to divisional risk appetite.
• Own the technology control framework and library (applications, infrastructure, cloud, cyber).
• Define control standards, testing approaches, and assurance mechanisms.
• Drive remediation of control gaps, including systemic risk issues.
• Own first-line implementation of operational resilience frameworks, including: Important business services (IBS), impact tolerances, scenario testing and resilience validation.
• Ensure resilience is embedded into architecture, engineering and change processes.
• Partner with 2LOD to ensure alignment with regulatory expectations (e.g. DORA, UK OpRes).
• Lead 1LoD technology risk governance forums.
• Provide independent first-line challenge to engineering, architecture, and product teams.
• Escalate and drive resolution of material risk decisions and breaches (i.e. major incidents, material audit findings).
• Provide clear, data-driven risk and impact assessments to product owners in business-led risk forums/committees.
• Own first-line response to audit and regulatory reviews, including: issue ownership and remediation tracking; evidence provision and assurance quality.
• Provide technology risk insight to executive committees and Boards.
• Monitor external regulatory developments and emerging risks to drive required changes.
• Own oversight of technology third-party risk, including: critical suppliers and intra-group dependencies (i.e. IRQ, DDQ validation and remediation of gaps).
• Ensure alignment of cloud risk controls with enterprise standards.
• Partner with Infrastructure & Cyber (BSL) with clear accountability boundaries for technology services to supported entities.
• Own risk reporting and insight across DSM, FX, and RI.
• Define and govern KRIs, KPIs and control effectiveness metrics (KCIs).
• Ensure availability of accurate, decision-ready risk data.
• Drive adoption of data-led risk management across engineering teams.
• Lead and develop a high-performing technology risk team.
• Define clear roles, responsibilities, and RACI across first and second lines.
• Build risk capability across engineering, not just within the function.
• Act as a senior leader influencing culture, behaviours, and delivery outcomes.

Strong decision-making and challenge capability, not just advisory. Operational resilience and incident management expertise. Degree in Computer Science/Engineering or equivalent experience. CRISC, CISM, CISSP, ISO 27001 Lead Auditor/Implementer, ITIL Expert. Senior leadership in technology risk within regulated financial services. Cloud and third-party risk oversight. Highly effective in executive communication and regulatory engagement. Experience engaging with regulators and executive stakeholders. Strong track record in risk governance and remediation of systemic issues. Drives delivery discipline through measurable outcomes. Ownership of control frameworks aligned to recognised standards (NIST, ISO, COBIT). Combines deep risk expertise with engineering credibility. Builds alignment across complex stakeholder landscapes.