Head of Risk, Cyber & Technology

We are looking for an experienced cyber and technology risk professional with strong technical skills combined with the ability to communicate with and influence both technical and non-technical senior management.

About Schroders: We are a global investment manager. We help institutions, intermediaries and individuals around the world invest money to meet their goals, fulfil their ambitions, and prepare for the future. We have around 6,000 people on six continents and have been around for over 200 years but keep adapting as society and technology changes. Our commitment to helping our clients, and society, prosper remains unchanged.

The Non Financial Risk function is comprised of several key teams:

• Operational Risk
• Cyber, Technology & Resilience Risk
• Compliance Assurance
• Risk & Compliance Frameworks, Governance & Reporting
• Physical Security

The Cyber, Technology & Resilience Risk team operates as part of the second line of defence, providing oversight across Schroders. This team develops and maintains the tools and frameworks necessary for overseeing cyber, technology, and resilience risks. It collaborates closely with Global Technology, Information Security, and first line business units to ensure such risks are clearly defined, assessed, managed, and reported.

Key responsibilities:

• Overseeing cyber risks via the Information Security Risk Oversight Committee and through review of KRIs and KCIs.
• Collaborating with information security teams to ensure effective articulation, assessment, and management of cyber risks.
• Providing oversight of technology risk through risk control assessments and engagement on strategic technology initiatives.
• Monitoring cyber and technology related risk events to ensure thorough root cause analysis and appropriate remediation.
• Programme management of the annual operational resilience self-assessment cycle, ensuring all in scope entities' self-assessments are board approved.
• Programme management of the annual Business Continuity programme.
• Undertaking due diligence on critical third party continuity and resilience capabilities.
• Maintaining and regularly testing crisis and incident management frameworks.
• Responding to client due diligence requests regarding Business Continuity and Operational Resilience.

What you’ll do:

This position is responsible for managing this team and ensuring its effective delivery of its responsibilities.

Primary responsibilities:

• Provide technical 2nd line oversight of Cyber and Technology, ensuring risks are identified and escalated to appropriate senior stakeholders.
• Work with the 1st line to improve their controls and improve risk management.
• Facilitate the ongoing effectiveness of the Information Security Risk Oversight Committee (ISROC) as the primary governance forum for overseeing the management of Cyber Risk across the Group.
• Line manage this specialist capability (3 full time staff) to provide challenge and oversight to Information Security and Technology whilst also supporting broader responsibilities for maintaining and enhancing the firm’s business continuity and resilience frameworks.
• In response to requests from senior management or governance committees, undertake risk based reviews of key cyber security and technology processes and controls.
• Develop strong and effective working relationships across all 3 lines of defence to facilitate effective identification, management and remediation of cyber and technology risks.
• Review and interpret Red/ Purple Team test results identifying key messages and being able to articulate them to non-technical audiences via briefings.
• Demonstrate strong understanding of what are effective response and recovery strategies for cyber incidents.
• Draft entity board level reports for senior leadership and governing bodies.
• Present confidently at governance committee meetings, when required.

The knowledge, experience and qualifications you need:

• Degree level education.
• At least 10 years of relevant experience in Technology and Cyber Risk, gained in a Control/ Risk function, such as Internal Audit, First or Second Line Risk or Control functions.
• Strong technical skillset in Cyber Risk.
• Financial Services experience, preferably in Asset or Wealth Management.
• Proactive approach with strong written communication skills and attention to detail; ability to produce clear, accurate reports tailored to the audience.
• Strong analytical, logical, and problem solving abilities.
• Effective interpersonal and influencing skills with a collaborative, team oriented mindset.

The knowledge, experience and qualifications that’ll help:

• Relevant technical qualifications in Information Security or Technology Risk for example CISA, CISM or CISSP.
• Working knowledge of Asset or Wealth Management.
• Consulting or Big Four experience.
• Experience in working in a first line Technology or Cyber Security Function.
• Experience in Investment Banking or Retail Banking within a first line or second line risk capacity.

We recognise potential, whoever you are. Our purpose is to provide excellent investment performance to clients through active management. Diversity of thought, facilitated by an inclusive culture, will allow us to make better decisions and better achieve our purpose. This is why inclusion and diversity are a strategic priority for us and why we are an equal opportunities employer. You are welcome here, regardless of your age, disability, gender identity, religious beliefs, sexual orientation, socio economic background, or any other protected characteristic.