Technology Risk Associate

United by a sense of purpose towards our customers – to be a trusted partner for the long‑term – and our universal banking platform in EMEA, SMBC Group has an international growth agenda and award‑winning products, meaning we provide exciting opportunities to work on a diverse range of projects and initiatives. We deliver a full suite of corporate finance products and solutions to our customers as well as investment banking and advisory services, and a range of innovative solutions in global capital markets. Read on to find out how you could enhance your skills and gain valuable experience, by joining us to support our clients transition to a sustainable future.

Purpose of Job

The purpose of this role is to support the organisation’s technology risk management activities as part of the First Line of Defence. You will play an important role in helping the business identify, assess, and manage IT‑related risks that could impact systems, data, and services. This includes assisting with the maintenance of governance records, monitoring compliance with internal policies and regulatory requirements, and supporting audit and assurance activities.

The role is designed to provide a strong foundation in technology risk management, offering opportunities to learn about risk frameworks, control environments, and regulatory standards. You will contribute to ensuring that IT systems remain resilient and aligned with best practices, while helping to embed risk awareness across the organisation. By supporting key processes and initiatives, you will develop technical knowledge and risk management skills that are essential for a career in IT governance and security. Ultimately, this position helps strengthen the organisation’s technology resilience by ensuring risks are effectively managed and compliance obligations are met.

Business Area

This role sits within the Information Technology Services Division (ITSD) as part of the Technology Risk Management team. You will work as part of the Technology Risk Management team to support the delivery of the organisation’s technology risk strategy. The position is designed for individuals at the early stages of their career in IT risk, offering hands‑on experience and exposure to key areas such as risk frameworks, audits, and governance processes.

As part of your responsibilities, you will contribute to embedding the technology risk framework across the organisation, ensuring that risks are identified, assessed, and managed effectively. You will assist in monitoring compliance with policies and standards, support internal and external audits, and help maintain governance documentation. This role plays a critical part in strengthening risk awareness and implementing controls that mitigate technology‑related risks, ultimately safeguarding the organisation’s systems and data.

Position Description

• Risk Register Monitoring: Update and maintain registers of risk events, incidents, audit findings, and exceptions, and track action plans to completion.
• Technology Risk Taxonomy & Risk Register: Assist in identifying technology risks across hardware, software, networks, and information systems, and help maintain the Technology Risk Register.
• RCSA Process: Support risk and control self‑assessments by gathering data, documenting key risks and controls, and assisting with effectiveness reviews.
• Controls Assurance Testing: Help with control testing activities, including tracking results and supporting oversight of control design and operation.
• Continuous Controls Monitoring: Assist in implementing processes for ongoing and automated control monitoring and collect relevant data.
• External Audit Liaison: Coordinate with auditors and internal teams to prepare evidence, schedule walkthroughs, and track IT SOX audit progress.
• Internal Audit Liaison: Work with internal teams to support assurance reviews and internal audits by maintaining control documentation and tracking remediation actions.
• Risk Acceptance and Exceptions: Assist in reviewing exception requests and updating records for non compliance with controls, standards, or policies.
• Risk Scenario Analysis and Monitoring: Provide input and support for developing, testing, and documenting risk scenarios and remedial actions.
• Emerging Risks: Help gather intelligence on operational and emerging risks, including regulatory changes, and assist in preparing monthly reports.
• Technology & Intragroup Reporting: Prepare metrics and reports for inclusion in technology meetings, forums, and dashboards.
• Risk Management Training: Support the planning and delivery of quarterly IT risk training sessions and maintain training records.

Knowledge and Experience

• Attention to Detail: Meticulous attention to detail is crucial for accurately managing open audit points, helping to document audit actions, and accurately track and report on the status of management actions.
• Organisational Skills: Strong organisational skills are necessary to effectively coordinate audit schedules, manage documentation, and prioritise tasks across the IT Department.
• Time Management: Excellent time management skills are essential for managing multiple audit engagements, meeting deadlines, and ensuring the smooth progression of audit activities.
• Communication Skills: Clear and concise communication skills are vital for effectively liaising with internal and external stakeholders, conveying audit‑related information, and facilitating collaboration across the IT Department.
• Analytical Skills: Strong analytical skills for analysing audit data, identifying trends, and generating insights to support audit reporting and decision‑making processes within the Technology domain.
• Adaptability: Ability to adapt to changing priorities, audit requirements, and work effectively in a dynamic and fast‑paced environment.
• Confidentiality: Demonstrated ability to handle sensitive information with discretion and maintain confidentiality in accordance with organisational policies.
• Proficiency in Office Software: Proficiency in Microsoft Office Suite (Word, Excel, PowerPoint, Outlook) and other relevant software applications for document management, data entry, and reporting.
• Technology Knowledge: ITIL and or COBIT knowledge is preferable. Work towards a detailed understanding of Technology and Cyber Risk frameworks (e.g. NIST / COBIT / ITIL).

Qualifications

Computer Science or STEM subject degree or equivalent experience is preferred.

Benefits

We also believe in fostering a diverse and inclusive work environment, where all team members perspectives and contributions are valued. Initiatives in place which promote a diverse and inclusive culture and healthy work life balance include hybrid working, Sport & Social Clubs and Diversity and Inclusion networks.

• Hybrid and flexible working
• Competitive paid leave days
• Benefits to support your physical wellbeing, including private medical insurance and life and invalidity insurance
• Various policies to support your mental wellbeing, including a robust behavioural health network with counselling and coaching services
• Access a wide range of learning and development opportunities and career progression opportunities

So, if you like a challenge and want to continuously grow and develop in a role where you will be supported along the way by a dynamic and diverse team, apply today!! We value the uniqueness of professional and personal backgrounds and perspectives as they play a vital role in continuing our sustainable growth as an organisation. If you’re in need of reasonable adjustment to the recruitment process due to disability or long‑term condition, just let your recruiter know.