Technology Risk Manager in City of Westminster

City of Westminster | Full-Time | 60000 - 80000 £ / year (est.) | No working from home possible
Mishcon de Reya

At a Glance

  • Tasks: Manage technology risks and ensure safe innovation in a regulated environment.
  • Company: Join a leading firm focused on risk management and compliance.
  • Benefits: Competitive salary, flexible working options, and opportunities for professional growth.
  • Other info: Collaborative culture with a focus on innovation and ethical standards.
  • Why this job: Be at the forefront of technology risk management and drive impactful change.
  • Qualifications: Experience in technology risk management or audit, with strong communication skills.

The predicted salary is between 60000 - 80000 £ per year.

Are you passionate about enabling innovation safely in a highly regulated environment? We are seeking a Technology Risk Manager to join our Risk & Compliance function and operate as part of the First Line of Defence (1LoD) to protect the firm against existing and emerging risks.

In this role, you will help the firm identify, assess, manage and report technology risks, including those relating to Data, AI and Operational Resilience, embedding pragmatic risk management into day‑to‑day delivery, operational processes and third‑party relationships. You will partner closely with Technology, Information Security, Data, Legal, Compliance and business stakeholders to ensure that risk is understood, owned and managed in line with the firm's risk appetite, supporting growth, client trust and the right regulatory outcomes.

This role reports to the General Counsel and works closely with the Technology and Cyber teams to ensure colleague‑ and client‑facing products and services are secure, resilient and well‑governed. It strengthens our ability to scale responsibly by ensuring risk management is embedded into how we operate and change globally.

Risk Leadership & Ownership Responsibilities

  • Act as a risk partner supporting Technology leadership and teams to own and manage risks within their areas.
  • Maintain a clear view of the firm's technology risk profile across Data, AI, Operational Resilience and Technology operations (e.g., infrastructure, cloud, applications, identity, endpoints, collaboration tooling). This includes maintaining a Technology Risk Register.
  • Translate regulatory and internal requirements into practical controls and guidance, regularly assessing and reporting on the design and operating effectiveness of the control environment through controls validation.
  • Promote a strong risk culture: 'secure and compliant by design' while enabling pace and innovation.

Data Risk

  • Work with the Technology Business Solutions, DPO and Data Governance teams to support effective management of data risks, including updating policies and minimum standards.
  • Independently validate the Data Governance Framework and assess the design and operating effectiveness of key controls.
  • Assess, report on and track risk mitigation plans where risks are outside appetite.

AI Risks and Responsible AI Enablement

  • Help maintain and embed AI risk management for both internal and client‑facing use cases, including use‑case/product risk assessments (privacy, security, bias/fairness, explainability, IP, confidentiality).
  • Develop approval pathways and guardrails for generative AI tools.
  • Implement model/solution lifecycle controls (testing, monitoring, change management).
  • Support creation and maintenance of AI standards, playbooks and minimum control baselines aligned to the firm's risk appetite.

Cyber / Information Security Risk

  • Partner with Cyber Security to ensure security risks are identified, documented and actively managed across teams.
  • Assess and report on the design and operating effectiveness of security controls, ensuring control failures are addressed on a timely basis and reported/escalated where necessary.
  • Where applicable, assist with security risk acceptances: ensuring decisions are documented, time‑bound, and include remediation plans.

Technology & Operational Resilience Risk

  • Assess and report on risk management for technology operations, including availability, resilience, backup and recovery of critical services, capacity, obsolescence and technical debt, change/release risk and service stability.
  • Contribute to business continuity and disaster recovery planning, testing and lessons learned.
  • Monitor incident governance: capturing risk themes, root causes, control improvements and reporting.

Change, Delivery & Control‑by‑Design

  • Help embed technology risk management into delivery lifecycles (Waterfall/Agile), including project/product risk assessments and go/no‑go decision support.
  • Support design reviews to confirm controls are considered early.
  • Support secure SDLC practices and control evidence capture.
  • Define 'minimum viable controls' that are proportionate to risk and practical for teams.

Third‑Party / Supplier & Outsourcing Risk

  • Work closely with Technology to support the assessment and ongoing oversight of technology suppliers, including cloud and SaaS vendors.
  • Conduct due diligence and provide control requirements and contractual risk input.
  • Perform ongoing monitoring (performance, incidents, compliance attestations).
  • Manage exit/portability and concentration risk considerations.
  • Maintain a view of material supplier risks and remediation actions.

Governance, Reporting & Assurance Support

  • Maintain and improve technology risk artefacts: risk registers, control libraries/universe, KRIs/KPIs, thematic findings and action plans.
  • Provide clear reporting for Technology leadership and relevant governance committees.
  • Support audits, second line reviews and regulatory requests by coordinating evidence and ensuring timely closure of actions.

Professional Experience

  • Proven experience in technology risk management or technology audit—ideally within a regulated or professional services environment.
  • Demonstrable experience working in or alongside a Three Lines of Defence model, with an understanding of 1LoD responsibilities.
  • Experience supporting risk management across multiple domains including data, AI, resilience and Technology operations and change.

Domain Knowledge

  • Strong understanding of risk assessment techniques (inherent/residual risk, control effectiveness, action planning).
  • Familiarity with control frameworks and assurance concepts (ISO 27001, NIST, COBIT, ITIL).
  • Knowledge of UK regulations relating to the areas in scope for this role.
  • Experience defining, embedding and monitoring controls, balancing pragmatism with robustness.

Leadership and Interpersonal Skills

  • Strong influencing skills to gain buy‑in from stakeholders at all levels.
  • Ability to navigate complex organisational dynamics and drive consensus.

Communication Skills

  • Exceptional verbal and written communication skills, with the ability to present complex ideas clearly and persuasively.
  • Experience presenting to boards, executive committees and large audiences.
  • Skilled in building and maintaining relationships with clients, partners and internal stakeholders.

Personal Attributes

  • Passionate about innovation and driving change to enhance business outcomes.
  • Open‑minded and adaptable to new ideas and technologies.
  • Strong focus on achieving goals and delivering measurable results.
  • Ability to prioritise and manage multiple initiatives effectively.
  • Commitment to the highest ethical standards and professional integrity.

Technology Risk Manager in City of Westminster employer: Mishcon de Reya

As a Technology Risk Manager at our firm, you will thrive in a dynamic and innovative environment that prioritises safety and compliance while fostering growth. Our collaborative work culture encourages professional development and offers unique opportunities to engage with cutting-edge technologies like AI and data management, all within a highly regulated framework. Join us to be part of a team that values your expertise and supports your career progression in a role that is both meaningful and impactful.

Mishcon de Reya

Contact Details:

Mishcon de Reya Recruitment Team

StudySmarter Expert Advice🤫

We think this is how you could land Technology Risk Manager in City of Westminster

Tip Number 1

Network like a pro! Reach out to folks in the industry, attend meetups, and connect with people on LinkedIn. You never know who might have the inside scoop on job openings or can put in a good word for you.

Tip Number 2

Prepare for interviews by researching the company and its culture. Understand their approach to technology risk management and think about how your skills align with their needs. This will help you stand out as a candidate who truly gets what they’re about.

Tip Number 3

Practice your pitch! Be ready to explain how your experience in technology risk management can help them navigate challenges. Use specific examples that highlight your problem-solving skills and ability to work with cross-functional teams.

Tip Number 4

Don’t forget to apply through our website! It’s the best way to ensure your application gets seen by the right people. Plus, it shows you’re genuinely interested in joining our team and contributing to our mission.

We think you need these skills to ace Technology Risk Manager in City of Westminster

Technology Risk Management
Data Risk Management
AI Risk Management
Operational Resilience
Regulatory Compliance
Risk Assessment Techniques
Control Frameworks (ISO 27001, NIST, COBIT, ITIL)

Some tips for your application 🫡

Tailor Your Application: Make sure to customise your CV and cover letter to highlight your experience in technology risk management. Use keywords from the job description to show that you understand what we're looking for.

Showcase Your Skills: Don’t just list your skills; provide examples of how you've applied them in real-world situations. This is your chance to demonstrate your understanding of risk assessment techniques and your ability to manage technology risks effectively.

Be Clear and Concise: When writing your application, keep it straightforward and to the point. We appreciate clarity, so avoid jargon and make sure your ideas come across clearly. Remember, less is often more!

Apply Through Our Website: We encourage you to submit your application through our website. It’s the best way to ensure your application gets into the right hands and shows that you're serious about joining our team at StudySmarter.

How to prepare for a job interview at Mishcon de Reya

Know Your Risk Management Frameworks

Familiarise yourself with key risk management frameworks like ISO 27001 and NIST. Be ready to discuss how these frameworks apply to technology risk, especially in relation to data, AI, and operational resilience.

Showcase Your Communication Skills

Prepare to demonstrate your exceptional verbal and written communication skills. Think of examples where you've presented complex ideas clearly, especially to stakeholders at various levels, as this role requires strong influencing abilities.

Understand the Regulatory Landscape

Brush up on UK regulations relevant to technology risk management. Be prepared to discuss how you would ensure compliance while enabling innovation, as this is a crucial aspect of the role.

Demonstrate Your Collaborative Spirit

Highlight your experience working closely with cross-functional teams, such as Technology, Cyber Security, and Compliance. Share specific examples of how you've partnered with others to manage risks effectively and promote a strong risk culture.