Risk & Resilience Analyst

We’re looking for a proactive and organised Business, Resilience and Risk Analyst to support Schroders’ Business Continuity, Crisis Management and Operational Resilience programmes. You’ll be comfortable working across a range of stakeholders, helping to coordinate planning, testing and governance activity, and ensuring documentation and reporting are accurate, complete and delivered to agreed timelines. This role suits someone with experience or a strong interest in business continuity, operational resilience, crisis management and/or technology and cyber risk, who enjoys working in a structured way and is keen to build a broad understanding of resilience risk oversight in a global investment management environment.

About Schroders: We’re a global investment manager. We help institutions, intermediaries and individuals around the world invest money to meet their goals, fulfil their ambitions, and prepare for the future. We have around 6,000 people on six continents. And we’ve been around for over 200 years, but keep adapting as society and technology changes. What doesn’t change is our commitment to helping our clients, and society, prosper.

The base: We moved into our new HQ in the City of London in 2018. We’re close to our clients, in the heart of the UK’s financial centre and we have everything we need to work flexibly.

The team: The Non-Financial Risk function is comprised of several key teams: Operational Risk, Cyber, Technology & Resilience Risk, Compliance Assurance, Risk & Compliance Frameworks, Governance & Reporting, Physical Security. The Cyber, Technology & Resilience Risk team operates as part of the second line of defence, providing oversight across Schroders. This team develops and maintains the tools and frameworks necessary for overseeing cyber, technology, and resilience risks. It collaborates closely with Global Technology, Information Security, and first-line business units to ensure such risks are clearly defined, assessed, managed, and reported.

Key responsibilities of the team include:

• Overseeing cyber risks via the Information Security Risk Oversight Committee and through review of KRIs and KCIs.
• Collaborating with information security teams to ensure effective articulation, assessment, and management of cyber risks.
• Providing oversight of technology risk through risk control assessments and engagement on strategic technology initiatives.
• Monitoring cyber and technology-related risk events to ensure thorough root cause analysis and appropriate remediation.
• Programme management of the annual operational resilience self-assessment cycle, ensuring all in-scope entities self-assessments are board-approved.
• Programme management of the annual Business Continuity programme.
• Undertaking due diligence on critical third-party continuity and resilience capabilities.
• Maintaining and regularly testing crisis and incident management frameworks.
• Responding to client due diligence requests regarding Business Continuity and Operational Resilience.

What you’ll do:

• Support the Group Business Continuity Management (BCM), Crisis Management and Operational Resilience programmes, helping to ensure processes, documentation and reporting are complete, accurate and delivered to agreed timelines.
• Act as a key point of contact for first line stakeholders, building effective relationships and providing guidance on business continuity planning, and operational resilience activities.
• Coordinate and support assurance over testing activities, including business continuity tests, disaster recovery tests, and crisis exercises, ensuring that the results are appropriately reported and issues identified effectively addressed.
• Be the key user and become proficient with the group planning and communications tool, to develop and maintain BC plans and to ensure an appropriate level of data quality within the system is maintained.
• Support reviews of critical third parties’ resilience capabilities, including due diligence activities, analysis of evidence received, documentation of outcomes, and tracking of remediation actions.
• Support governance forums and working groups (e.g., Information Security Risk Oversight Committee (ISROC) and Operational Resilience Working Group) by preparing materials, maintaining actions and decisions logs, and ensuring timely follow-up.
• Contribute to wider Cyber, Technology & Resilience Risk activity such as investigating incidents and supporting responses to client due diligence requests.

The knowledge, experience and qualifications you need:

• Demonstrable experience and knowledge of business continuity planning, crisis management, or operational resilience and/or technology/cyber risk.
• A desire to develop a deep and broad understanding of all aspects of business continuity planning, crisis management and operational resilience.
• An ability to communicate appropriately with different levels of the business and develop effective working relationships.
• An ability to work in a structured and organised fashion and a willingness to undertake administrative activities as required.
• Strong written and presentation skills combined with good written communication skills and a competent user of Word, Excel and PowerPoint.

We recognise potential, whoever you are. You are welcome here, regardless of your age, disability, gender identity, religious beliefs, sexual orientation.