Technology Risk and Control Manager

Our Technology Business Management team sits at the heart of OSB Group's technology strategy. They bring together technology, risk, finance and operational insight to ensure we make smart, data‑driven decisions about how we run, invest in and protect our technology landscape. The team partners closely with Engineering, Cyber, Change and Operational Risk to create a transparent, well‑governed and value‑focused technology environment.

As a Technology Risk & Controls Manager, you will have the opportunity to strengthen OSB Group's technology risk environment by providing expert oversight across operational and change activity. You will proactively identify risks, challenge effectively, and ensure strong governance and control maturity across our technology teams. As the senior Technology Risk SME, you'll work with cross‑functional stakeholders to embed robust controls, uplift risk culture, and integrate risk management into agile delivery. Reporting to the Technology Risk Management Lead, you'll drive continuous improvement and support a forward‑looking, resilient technology risk posture.

Responsibilities

• Provide expert risk oversight across Technology portfolios, ensuring strong control environments and proactive risk identification.
• Act as the senior Technology Risk SME, offering authoritative challenge and insight across run and change activity.
• Lead and enhance RCSA activities, identifying emerging risks, control gaps and issues.
• Guide first‑line teams on risk identification, control design, KRIs, testing expectations and continuous monitoring.
• Oversee IT, Data and Cyber risk assessments, ensuring controls remain effective and aligned to regulatory expectations.
• Provide change assurance, embedding controls by design, reviewing mandatory controls pre‑go‑live and ensuring alignment with delivery frameworks.
• Influence senior stakeholders, shaping remediation plans, escalating key risks and driving uplift in control maturity.
• Champion a strong risk culture, supporting training, embedding risk practices into Agile delivery and maintaining high‑quality governance and reporting.

What is in it for you:

• We offer a base salary, dependent on experience, between £65,000 - £75,000.
• Enhanced family‑focused benefits.
• Hybrid‑working.
• Annual bonus opportunity.

About us:

At OSB Group, we understand how much our people bring to our organisation, which is why we try our best to give back too! Our Purpose is to help our customers, colleagues and communities prosper and we are on a transformation journey to become 'the bank of the future'. Our commitment to professional development, flexible working, and employee well‑being fosters a dynamic and supportive workplace.

Do you have the skills?

We are looking for talented individuals who have the experience and knowledge set out below:

• Strong knowledge of Technology Risk Management, including RCSA, control design, assurance and IT/Cyber/Data risk frameworks.
• Ability to translate complex risk and technical concepts into clear, actionable insight for senior technical and non‑technical stakeholders.
• Strong understanding of programme and project delivery methodologies, including Agile (Scrum, Kanban, SAFe) and traditional Waterfall approaches.
• Strong analytical, influencing and stakeholder‑management skills, with resilience and adaptability in a fast‑moving environment.
• Industry qualification such as CRISC, CISM or CISA.

What to do next:

If this sounds like you, please apply now! For internal applications please visit the internal careers page to apply. Alternatively, if you wish to have an informal and confidential chat please get in touch. Contact details can be found on our careers page. If shortlisted from your initial application we operate a personalised recruitment process. Interviews are a two‑way street, we aim for them to be relevant and conversational to get the best out of you!

OSB Group are dedicated to diversity in the workplace and committed to treating all our employees and job applicants equally. We embrace equal opportunities and are opposed to discrimination on any grounds. As part of our public commitment to the Women in Finance Charter, we have introduced our own initiatives to attract, develop and advance senior women in our sector. We don't stop there though, we have broadened our approach to encourage diversity and inclusion at all levels and in all roles. Our leadership and Executive Committee are right behind us, to the extent that our Diversity Champions sit at Board level and on a monthly basis receive updates on our progress.

Whilst we are an organisation that values face‑to‑face interaction to build and nourish our culture, we also acknowledge that people are not just productive in an office and tied to the 9 to 5. Flexible‑working opportunities are important for establishing a healthy work‑life balance so if you see a role of interest we are happy to be asked about flexibility and explore together if we can make it work.

All applicants must have rights to work in the UK and be willing to undertake the relevant pre‑employment screening checks should your application be successful.

Desired Skills and Experience

• Technology Risk Management - operational risk, change risk, risk assessment, risk frameworks.
• IT Controls & Assurance - control design, testing, control effectiveness, controls by design.
• RCSA Expertise - risk & control self‑assessment, issue identification, remediation.
• Change Governance - delivery risk oversight, go‑live readiness, mandatory controls.
• Cyber & Data Risk - understanding of cyber, data, and operational resilience risks.
• Agile Risk Integration - embedding risk into Agile, DevOps, iterative delivery.
• Stakeholder Influence - senior‑level challenge, risk communication, decision support.
• Governance & Reporting - risk reporting, dashboards, assurance outputs.
• Regulatory Knowledge - ISO 27001, NIST, COBIT, DORA, operational risk frameworks.
• Analytical & Critical Thinking - identifying systemic issues, assessing control maturity.
• Collaboration & Cross‑Functional Working - partnering with Technology, Risk, Cyber, Data, and delivery teams.
• Communication Skills - translating complex risk topics for technical and non‑technical audiences.