Technology Risk Lead

We are currently seeking a highly motivated and experienced Technology Risk Lead to join our team. This position is well-suited for professionals with a proven track record in leading the identification and mitigation of technology-related risks, as well as substantial experience in controls assurance. The ideal candidate will thrive in a dynamic, fast-paced environment and demonstrate exceptional analytical and problem-solving abilities. If you are committed to upholding digital integrity and driving effective risk management, we welcome your application!

Who Are We? Not just another building society. Not just another job. We are the fourth biggest building society in the UK and what makes us different is that we are a mutual organisation. We do not have shareholders; we are owned by our members. Our colleagues say Skipton is a great place to work, and you could be one of them, bringing new ideas on how we can keep customers at the heart of what we do. Whatever your background and goals, we will help you take the next step towards a better future.

As the Technology Risk team, our primary focus is to manage and mitigate technology-related risks within the Society. We work closely with teams under the Technology Transformation and Resilience (TTR) function, including IT, Security, Operational Resilience, Change Delivery, Data Capability, and Engineering, as well as other teams across the Society like Operational Risk, Internal Audit, and Compliance amongst others. Our core role is to ensure the stability and security of our technology infrastructure. Additionally, we engage in various exciting initiatives such as enhancing cyber-security measures, improving operational resilience, driving technological innovation, and supporting TTR during audits by improving the effectiveness of our controls.

What’s In It For You? Skipton values work/life balance and we are proud to support hybrid and flexible working, where possible. We have a newly refurbished head office which offers a vibrant and collaborative working space. We have a range of other benefits available to you including:

• Annual discretionary bonus scheme
• 25 days standard annual leave + bank holidays + rising 1 day per year of service to a maximum of 30 days
• Holiday trading scheme allowing the ability to buy and sell additional annual leave days
• Matching employer pension contribution (up to 10% per annum)
• Colleague mortgage (conditions apply)
• Salary sacrifice scheme for hybrid & electric car
• A commitment to training and development
• Private medical insurance for all our colleagues
• Diverse and inclusive colleague networks available for you to join including our Carers and Pride Alliance groups
• We care about your health and wellbeing – we provide a range of benefits that support this including cycle to work initiative and discounted gym membership

What Will You Be Doing? You will lead the implementation of risk management processes in alignment with the Group Risk Management Framework (GRMF). This includes managing Risk and Control Self-Assessments (RCSAs), conducting control assurance reviews, and analysing risks, issues, and policy non-compliances to ensure accurate risk profiling. You will also maintain a central repository of technology risks and controls, delivering reports to support informed decision-making. In this role, you will collaborate with stakeholders to ensure effective operation of technology controls, identify areas for improvement, and ensure compliance with internal policies, industry standards, and regulatory requirements. You will also conduct periodic reviews to assess control maturity and support continuous improvement. Additionally, you will support business continuity, disaster recovery, and audit activities, guiding stakeholders in providing appropriate evidence. You will lead relevant forums and produce regular reports and dashboards for Senior Management.

What Do We Need From You? Exceptional report writing, communication, and stakeholder engagement skills are essential for this role. A solid grounding in technology risk management and controls is required, along with familiarity with key IT governance frameworks such as ISO 27001, PCI DSS, and NIST. Proven experience in leading risk assessments, audits, and compliance initiatives, as well as producing high-quality management information (MI) reports, will be highly advantageous.