Risk Manager – Technology Security & Resilience

# ****About the Business****Quilter plc is a leading wealth management business, helping to enable brighter financial futures for every generation. Quilter oversees £126.3 billion in customer investments (as of August 2025). It has an adviser and customer offering spanning financial advice, investment platforms, multi-asset investment solutions, and discretionary fund management. The business is comprised of two segments: Affluent and High Net Worth. Affluent encompasses the financial planning business, Quilter Financial Planning, the Quilter Investment Platform and Quilter Investors, the multi-asset investment solutions business. High Net Worth includes the discretionary fund management business, Quilter Cheviot, together with Quilter Cheviot Financial Planning – offering a highly personalised service to private clients, charities, trustees, and professional partners. Quilter Cheviot has presence throughout the UK, Ireland and Channel Islands. At Quilter we never stand still. Our foundations are rooted in our extraordinary expertise, which is trusted by hundreds of thousands of customers, but we have great ambitions to stay one step ahead and make an even greater difference to the people and communities we serve, including our colleagues. Our business is transforming, continually modernising, and becoming even more customer centric. So, if you want to be bold in the pursuit of your ambitions, bring new ideas, and challenge and evolve what we do, it’s the perfect time to join us!# ****About the Role******Level** – 4**Department-** Risk**Location -** London/Southampton**Contract -** PermanentYou will work alongside our Risk and Compliance colleagues across the function and have opportunities to learn about other areas of the Quilter business, which are all impacted by this role’s areas of focus. You will directly assess and influence key risk decisions made by Management and work to enhance the overall risk culture of the organisation.Key responsibilities**Framework and Policies*** Support the Head of Risk Technology, Security & Resilience with quantification and validation of technology, security and resilience risks.* Assist with the development and roll out of Quilter wide risk policies, including oversight of the annual refresh and compliance assessments performed by the first line in relation to technology, security, and resilience risk, annually reviewing the effectiveness of their operation and providing input into the updating of the policies in line with good practice and regulatory requirements.* Input into and provide oversight of the development of the technology, security and resilience risk scenarios for Quilter, working closely with 1st line stakeholders to ensure that they input where appropriate to the scenario workshops.* Provision of guidance and advice (subject matter expertise) to 1st line regarding risk framework, policies and procedures including:* Providing policy owners with support in the application of the Quilter Group Policy Framework.* Overseeing the exemptions and waivers process for the IT, Information Security (IS) and Resilience Management policies.* Escalating/communicating effectively with IT / IS and Resilience policy specialist areas of concern to support them in their oversight responsibilities for policy compliance across the Group.* Contribute to the second line assessment and sign off of the Letter of Representation (LoR) for technology, security and resilience risk.**Oversight and Challenge*** Provide oversight and challenge to 1st line to ensure that risk is being managed within stated risk appetite and supporting the wider Risk team in the provision of effective, efficient, and consistent oversight, challenge, advice and assurance in line with strategy, frameworks, policy and standards for the management of risk. This includes planning and delivery of incisive thematic or deep dive risk reviews as needed.* Work closely with key stakeholders to ensure all key risks are identified and where appropriate mitigating actions are planned and delivered.* Overseeing and supporting 1st line risk assessments of Technology, Resilience and Security initiatives, along with challenging subject matter experts on the technical design and effectiveness of key controls where required.* Keeping up to date with regulatory changes within the Technology and Resilience domains e.g., FCA/PRA Operational Resilience, DORA etc.* Work with 1st line to develop and enhance the suite of risk, control and performance indicators that can be used to monitor and report upon technology, security, and resilience risk exposures.* Engage in strategic business development/key change management of technology, security, and resilience initiatives to ensure that risk exposures are considered and addressed and driving the risk agenda in support of the achievement of strategic goals.* Support the Risk Monitoring & Oversight team with detailed analysis of all material risk events originating from technology, security, and resilience, ensuring appropriate mitigating actions are taken.* Oversee the completion and maintenance of Risk and Control Self Assessments (RCSA) completed by Management for your key risk areas, and act as subject matter expert for any queries from these.**Communication and Stakeholder Engagement*** Communicate the purpose and strategy of the Risk team and the Risk Framework effectively to stakeholders, across the technology, security, and resilience areas.* Co-ordinate and collaborate with the Governance, Risk and Compliance (GRC) team within Technology to assist with the design and implementation of the Risk Framework and oversight of risk management activities.* Foster a risk aware culture across the technology, security, and resilience community.* Along with your team, be the key 2nd line point of contact for technology, security, and resilience risk expertise and knowledge.**Risk Reporting*** Input to governance forums and senior management in relation to technology, security and resilience risk.* Encourage continuous improvement, regularly reviewing, and optimising the content of technology, security and resilience risk management information through engagement, advice, and challenge, and influence the businesses in the adoption of consistent risk reporting standards.* Support businesses in the development and production of technology, security, and resilience Risk MI.* Oversee the production and review of risk related content of external reporting across the Group, including public reporting and reporting to regulators or other supervisory bodies such as rating agencies.* Support the Group CRO through the review and challenge of the content of risk reports, management information and risk papers to drive continuous improvement to the quality of content and messaging.* Provide timely support to the Group CRO, Affluent Risk Director and Executive Management for ad hoc risk reporting e.g., strategy and business planning presentations, external presentations, and training materials.# ****About You****The successful candidate:* Have prior working experience in either a technology, security and/or resilience role, preferably within UK financial services.* A certification in IT risk management, IT audit or security (e.g., CRISC, CISA, CISSP) is highly desirable but not essential.* Be comfortable discussing and challenging Technology subject matter experts on technical areas of risk, whilst being able to convey those technical aspects to senior management.* Demonstrate a commercial mind-set, to challenge thinking and practices readily and robustly at all levels to help redefine the business and deliver competitive advantage.* Knowledge of Technology, Security and Resilience best practice frameworks is advantageous (e.g., NIST, CIS, ISO27001, ISO22301 etc.).* Have proven influencing skills at the senior levels of management, with an ability to #J-18808-Ljbffr