Senior Cyber and Technology Risk Manager London

This role serves as the 2nd line cyber and technology risk expert, shaping and maintaining our risk frameworks to protect the organisation as we adopt advanced technologies such as AI and post‑quantum solutions. Your responsibilities will include supervising cyber and technology risks for our crucial national infrastructure and main technology partners, assisting us in our aim to maintain a leading ‘Run’ organisation for UK payments.

As a reliable second line collaborator, you will offer guidance, oversight, and confidence on all issues related to cyber and technology risks. The role reports directly to the Chief Risk Officer.

• Be a trusted 2nd Line partner to the whole organisation from a cyber and technology risk perspective, cultivating effective relationships and networks ensuring rapid escalation of technology and cyber risks/issues/incidents across Pay.UK.
• Supervise and assess the CNI provider regarding cyber and technology aspects, confirming they possess suitable measures to uphold their robustness and resilience.
• Stay abreast of current technology trends, vulnerabilities and emerging technologies. Continuously monitor advancement in cyber and technology practices utilising relationships with the NCSC and other agencies.
• Define and deliver a Cyber and Technology oversight and assurance strategy to help the business attain and support a technology and security posture.
• Manage the development and delivery of the 2LoD cyber and technology oversight and assurance frameworks and policies in line with regulatory requirements and industry good practice, such as NIST, COBIT5 / ITIL etc.
• Oversee and challenge the Pay.UK cyber and technology risk & control environment, including both Principal and Directorate Risk & Control Self-Assessment (RCSA) processes, ensuring accurate, complete, timely and meaningful reporting to the relevant risk management committees, including attending Risk and Board committees to provide confidence in assurance outcomes.
• Deliver a programme of targeted cyber and technology assessment and assurance reviews where necessary, and collaborate with 1LoD SME input.
• Provide oversight of our innovative technology projects and report in accordance with broader integrated assurance plans.
• Support cyber and technology issue management and risk acceptance processes together with associated aggregation and reporting activities.
• Support the Pay.UK’s incident & event reporting processes, ensuring that actual/potential losses, fix details and root cause analysis are reported accurately and timely to internal management and our regulators.
• Make cyber and technology risk meaningful and relevant to your stakeholders through training and awareness materials, sharing best practice in clear easy to understand language.
• Maintain full awareness of and adherence to the Enterprise Risk Management Framework as well as other relevant Cyber, Technology, Information System and GDPR frameworks.

• Degree in a relevant field or equivalent professional technology qualification.
• Significant experience in cyber, technology, and operational risk in a 2nd line (2LoD) role.
• Background in Financial Services or FinTech.
• Demonstrated capability to create, improve, or manage Technology Risk Management Frameworks that adhere to industry best practices.
• Comprehensive knowledge of frameworks such as ITIL, COBIT and NIST.
• Understanding of emerging technologies (e.g., AI, post‑quantum) and their associated risks and regulatory expectations.
• Skilled in engaging with senior stakeholders and acting as a trusted advisor.
• Skilled in producing clear, high‑quality risk reporting for Executive and Board audiences.
• Able to apply technical insight in a practical, balanced and commercially aware manner.
• Able to provide helpful feedback while maintaining professionalism and clarity in communication.
• Highly organised, with the ability to prioritise and deliver effectively in a demanding environment.

At Pay.UK, we value diversity and inclusivity. Research has shown that candidates from underrepresented groups may hesitate to apply unless they meet all the requirements listed. We encourage all qualified candidates to apply, regardless of how closely their skills and experience match the requirements. We are committed to supporting accessibility needs and creating a welcoming environment for all employees.

Who we are: Pay.UK maintains and develops the UK retail payment systems and standards that are core to the economy being able to function on a day-to-day basis. From Bacs to Faster Payments and cheques – we act as the single operator for all UK retail payments. We put the needs of consumers and businesses at the heart of everything we do, working in the public interest to ensure that the systems the country relies on for its banking transactions are safe, open, innovative and resilient.

Our payment systems underpin the services that enable funds to be transferred between people and institutions. In 2024, the UK's retail payment systems processed 11 billion transactions worth over £10 trillion through Bacs Direct Credit, Direct Debit, Faster Payments, and cheques, and our Current Account Switch Service has facilitated over 9 million switches since its launch in 2013. Every day, individuals and businesses use the services we provide to get their salaries, pay their bills and make online and mobile banking payments. Our vision for the future is to enable a vibrant economy, with Pay.UK delivering the best-in-class payment infrastructure and standards for the benefit of consumers and businesses nationwide.

• 12% Non-contributory pension.
• Discretionary annual bonus.
• 30 days annual leave (excluding bank holidays).
• Employee assistance programme.
• Cycle to Work Scheme.
• Season ticket loan.
• Annual fitness subsidy of up to £500 per annum.
• Working from home policy - minimum 40% in the office (e.g. 2 days in the office over a 5 day working week).