Risks and Controls Manager in Edinburgh

Reporting to the Head of First Line Risk, the Risk & Controls Manager will support the business (First Line of Defence) to identify, assess, manage and monitor all non‐financial risks across products, processes and operations. This includes operational risk, financial crime, third‐party outsourcing risk, operational resilience, conduct risk and other related disciplines. The role helps embed the Society's risk and control framework, ensuring effective controls, strong risk culture and compliance with regulatory expectations. This list is not exhaustive and the post holder is expected to carry out any other tasks that are required to fulfil the needs of the role. Management may add or subtract from the list of duties in order to meet the need of the business as they see fit and as per the terms and conditions of contract.

Key Responsibilities

• Identify, assess and report non-financial risks across the business, using processes such as RCSAs, risk assessments and routine monitoring.
• Develop, embed and maintain the non-financial risk and control framework, ensuring policies, standards and controls are understood and consistently applied.
• Monitor the effectiveness of key controls through first line testing, MI, KRIs, thematic reviews and other indicators, escalating where risks move outside appetite.
• Coordinate timely remediation of control failures, issues, incidents and audit findings, ensuring robust root cause analysis and sustainable fixes.
• Support first line ownership of all non-financial risk disciplines, including (but not exhaustive):

• Operational Risk (incidents, errors, process risks, change risks)
• Financial Crime (fraud, AML, sanctions, controls and reporting)
• Operational Resilience (important business services, continuity planning, testing)
• Third Party and Outsourcing Risk (due diligence, oversight, performance monitoring)
• Conduct and regulatory compliance within first line processes

Measures of Success

• High quality, timely delivery of key risk and control activities, including RCSAs, control testing, incident reviews and management reporting.
• Effective control environment, demonstrated through strong audit/assurance outcomes, reduced repeat issues, and timely, sustainable remediation.
• Improved first line risk culture, with strong business engagement, clear ownership of non-financial risks and proactive identification/escalation of emerging risks.

About You

Skills & Capabilities for the role

• Qualifications: Degree or equivalent in business, finance, accounting, risk management or related discipline; professional risk/compliance qualifications are often preferred (e.g. FRM, IRM, ICA).
• Essential Experience required: Experience in a risk, controls, compliance, audit, or operational role within financial services, with a solid understanding of non-financial risk disciplines (e.g., operational risk, financial crime, operational resilience, third party/outsourcing risk, conduct).
• Strong familiarity with the Three Lines of Defence model and how first line teams identify, assess and manage risks day to day.
• Experience using risk and control processes such as RCSAs, incident management, issue tracking, control testing, risk assessments, and MI reporting.
• Good analytical skills, including the ability to interpret data, identify themes, and translate insights into clear recommendations.
• Strong communication and stakeholder management skills, with experience engaging operational teams and senior stakeholders.
• Good IT skills, including experience with Excel, risk systems, or operational tools commonly used in risk and control environments.
• Experience working directly with any of the following risk areas:

• Financial Crime (AML, fraud, sanctions, transaction or alert handling)
• Operational Resilience (continuity, testing, important business services)

Behaviours

• Professional and ethical
• Strong interpersonal relationships
• Able to work with minimum supervision and to deadlines
• Willing to take on responsibility and accountability
• Ability to consider the needs, abilities and personalities of others
• Willing to work as part of a team and involve others
• Positive approach

Essential skills

• Strong attention to detail with the ability to work independently, prioritise effectively, and meet deadlines.
• Ability to simplify complex issues, document them clearly and support teams in understanding their risk responsibilities.
• Confident in challenging constructively, promoting first line ownership and supporting a strong risk culture.
• Proactive, solutions focused mindset with a willingness to identify control improvements and drive continuous enhancement.