Director, Technology, Cyber & Resilience Risk in London

Leads the Technology Risk & Operational Resilience capability across DSM, FX, and Risk Intelligence, accountable for the first‑line risk and control environment, ensuring it operates within defined risk appetite and meets regulatory expectations. Drives risk‑informed engineering delivery, embedding robust controls, resilience practices, and data‑led assurance across platforms. Reports to Head of Business Management, Markets & Risk Intelligence Engineering.

Core Accountabilities

• Own the first‑line technology risk profile, ensuring alignment to divisional risk appetite.
• Own the technology control framework and library (applications, infrastructure, cloud, cyber).
• Define control standards, testing approaches, and assurance mechanisms.
• Drive remediation of control gaps, including systemic risk issues.
• Own first‑line implementation of operational resilience frameworks: Important Business Services (IBS), impact tolerances, scenario testing and resilience validation; embed resilience into architecture, engineering and change processes.
• Partner with 2LOD to align with regulatory expectations (e.g., DORA, UK OpRes).
• Lead 1LoD technology risk governance forums; provide independent first‑line challenge to engineering, architecture and product teams.
• Escalate and drive resolution of material risk decisions and breaches (major incidents, material audit findings).
• Provide clear, data‑driven risk and impact assessments to product owners in business‑led risk forums/committees.
• Own first‑line response to audit and regulatory reviews: issue ownership and remediation tracking, evidence provision and assurance quality; provide technology risk insight to executive committees and Boards; monitor external regulatory developments and emerging risks.
• Own oversight of third‑party risk: critical suppliers, intra‑group dependencies, control effectiveness, TPRM lifecycle and exit risks; ensure alignment of cloud risk controls with enterprise standards; partner with Infrastructure & Cyber (BSL) with clear accountability boundaries.
• Own risk reporting and insight across DSM, FX and RI; define and govern KRIs, KPIs and control effectiveness metrics (KCIs); ensure availability of accurate, decision‑ready risk data; drive adoption of data‑led risk management across engineering teams.
• Lead and develop a high‑performing technology risk team; define clear roles, responsibilities and RACI across first and second lines; build risk capability across engineering, not just within the function; act as a senior leader influencing culture, behaviours and delivery outcomes.

Required Experience

• Senior leadership in technology risk within regulated financial services.
• Ownership of control frameworks aligned to recognized standards (NIST, ISO, COBIT).
• Strong track record in risk governance and remediation of systemic issues.
• Operational resilience and incident management expertise.
• Experience engaging with regulators and executive stakeholders.
• Cloud and third‑party risk oversight.

Qualifications & Certifications (preferred)

• CRISC, CISM, CISSP, ISO 27001 Lead Auditor/Implementer, ITIL Expert.
• Degree in Computer Science/Engineering or equivalent experience.

Skills & Attributes

• Deep risk expertise with engineering credibility.
• Strong decision‑making and challenge capability, not just advisory.
• Highly effective in executive communication and regulatory engagement.
• Drives delivery discipline through measurable outcomes.
• Builds alignment across complex stakeholder landscapes.

Career Stage Director

Equal Opportunities Employer. We are proud to be an equal opportunities employer. We do not discriminate on the basis of anyone’s race, religion, colour, national origin, gender, sexual orientation, gender identity, gender expression, age, marital status, veteran status, pregnancy or disability, or any other basis protected under applicable law. Conforming with applicable law, we can reasonably accommodate applicants’ and employees’ religious practices and beliefs, as well as mental health or physical disability needs.