Vice President, Risk and Control - Digital Engineering

Responsibilities

• Accountable for defining, creating and governing the Digital Engineering Risk and Control strategy in accordance with the wider EMEA Technology IT Risk and Control vision and strategy and risk appetite.
• Accountable for defining the Digital Engineering Solutions and Services risk appetite and framework in accordance with the overall Technology department's risk appetite and tolerance framework, managing the department's operational, regulatory and financial risk.
• Define and evolve the Digital Engineering Services and Solutions Key Risk Indicators and Controls and govern accordingly.
• Present the department's risk landscape, providing proactive oversight and prioritisation to ensure timely closure of issues.
• Run the department’s Risk/Control/Audit monthly forum committee, presenting high-quality risk reports and insights to the Head of Digital Engineering Services and Solutions and the Extended Leadership Team.
• Responsible for providing visibility of the Extended Leadership teams’ EOL roadmap, the department’s position and Product Owners’ remediation plans and progress.
• Primary contact for all risk, control and audit issues across all Digital Engineering Solutions and Services teams.
• Provide assurance over the department’s controls design and effectiveness, ensuring controls are proportionate and embedded in day-to-day activity.
• Provide proactive assurance around risk management through data-driven monitoring and structured sampling techniques to validate controls before failure.
• Educate and lead the Digital Engineering staff, defining best practice operations and governance in line with industry and company standards.
• Work in partnership with Product and Platform owners, challenging and advising on risk management for new products, processes and change programmes, providing risk-based decision-making support.
• Drive and adhere to the strategic direction of accountable pillars, while supporting the rest of the department.
• Responsible for managing issue management on behalf of the department.
• Handle potential sensitive information related to Cyber Security events and assessments.
• Work across all areas of the department to ensure the Control & Governance team provides necessary support services, oversight and governance capabilities to all stakeholders.
• Build strong relationships with key stakeholders such as IT Risk & Control, Cyber Security, Operational Risk, Internal Audit, Compliance and external parties where applicable.
• Oversee relationships with IT Risk and third parties for all external and internal audits.
• Ensure strong governance, structures and processes to support effective operational risk and control management across the department.
• Support extended leadership teams with creation/attestation of key controls against the Operational Risk Framework.
• Manage engagement with stakeholders to design, plan and deliver remediation actions for control deficiencies.
• Ensure adherence to internal policies and external regulatory requirements.
• Manage complex risk-related loss events, conduct root-cause analysis and develop response plans.
• Perform operational control checks across infrastructure and engage with other technology areas when required.
• Collaborate with Incident Management and Threat & Vulnerability teams to detect and address vulnerabilities.
• Ensure compliance with all regulatory requirements, including SOX assessments, cyber risk defenses and controls.
• Execute risk governance across all Digital Engineering Solutions and Services verticals.
• Provide support for pen test findings and manage related Key Risk Indicators.
• Support disaster recovery exercises, ensuring new services are documented with BCP/DR in mind.
• Provide advisory assistance to IT Risk and Control relating to access management processes.
• Input into incident management processes where appropriate.
• Support new applications as they are released to the business and elevate potential service issues to management.
• Produce regular risk management data for management and chair the department’s Risk Oversight Committee.
• Lead and champion an inclusive, diverse, and values-led culture, fostering a growth mindset and embracing new technologies.
• Ensure appropriate risk awareness training is in place across the department.
• Build and nurture strong relationships with internal and external stakeholders to promote collaboration and influence positive change.

Qualifications and Experience

• Extensive experience leading a risk and control function in a financial services organisation.
• Extensive experience working with risk-management tools such as Open Pages.
• Understanding of COBIT, NIST, and related frameworks.
• Extensive experience leading internal and external audit bodies.
• Proven track record of managing risk-related issues for large departments, through lifecycle creation, reporting and remediation.
• Experience with industry-specific regulatory requirements and their impact on operational risk, including AML, data privacy, cybersecurity and FCA regulations.
• Excellent knowledge of regulations such as SOX and external assessments such as CBEST.
• Extensive prior experience working within an infrastructure environment, with high-level understanding of platforms and technology.
• Solid understanding of threat and vulnerability management processes and technologies.
• Extensive exposure to Incident Management, Problem Management and root-cause analysis.
• Proven ability to communicate effectively with senior management, providing governance oversight.
• Ability to balance strategic goals with practical risk-management solutions, interpreting and analysing risk data to provide relevant insights.
• Prior experience managing a team and leading a risk and control team with line-management responsibilities.
• Experience reporting directly to L2 management or above within a management team.

Education / Qualifications

• ITIL Expert
• CRISC
• CISA / CISM
• Educated to a degree level or equivalent.

Desirable Skills

• Knowledge of authentication services technology.
• FRM, PRM, CFA, MBA, Prince 2 Foundation.
• Excellent communication skills with strong leadership and people-management abilities.
• Ability to manage constructive conflict effectively.
• Strong decision-making skills and sound judgement.
• Structured and logical approach to work, with a creative and innovative mindset.
• Excellent interpersonal skills, strong attention to detail and accuracy.
• Ability to manage large workloads and tight deadlines, performing well under pressure.
• Confident leadership, able to provide clear direction to a high-performing team and inspire trust and motivation.

Work Environment

We are open to considering flexible working requests in line with organisational requirements.