ICT and AI Risk Management Officer
Location: Hybrid/London
Employment Type: Full-Time | Permanent
Department: Risk, Governance & Compliance
Level: Manager/Senior Manager
The Opportunity
Our client is looking for an experienced IT Risk & Resilience Lead to drive enterprise-wide initiatives in IT governance, risk, compliance, and operational resilience. In this strategic role, you'll help shape how our client anticipates, responds to, and recovers from IT-related risks, while ensuring ongoing alignment with global regulatory requirements.
This is a high-impact role working across business units, third parties, and regulatory environments, ideal for someone with strong risk expertise and a deep understanding of how technology, compliance, and resilience intersect in regulated environments.
What You'll Be Doing
You'll be responsible for designing, maintaining, and evolving our IT risk frameworks, ensuring they meet both business needs and regulatory expectations. Your work will span seven key areas:
1. IT Governance & Compliance
You'll advise governance forums, monitor compliance across internal policies and regulatory standards (e.g., DORA, GDPR, FCA, BaFin), and ensure our digital resilience strategy is fully embedded across the business.
2. IT Risk Management
Own the IT Risk Management Framework, run independent control tests, assess vulnerabilities, lead risk assessments, and guide remediation across critical systems and functions.
3. Operational Resilience & Incident Oversight
Coordinate post-incident analysis and response, ensure adherence to incident protocols, and enable robust service continuity in the face of technology disruptions.
4. Stress Testing & Critical Function Assurance
Lead the annual IT stress testing programme and ensure continuous review of critical business functions from a technology perspective.
5. Third-Party & Supply Chain Risk
Evaluate and oversee risk exposure from third-party providers and technology supply chains, ensuring controls are in place and regulatory alignment is maintained.
6. Awareness & Culture
Develop and lead IT risk training initiatives that build resilience awareness across staff and partners, reinforcing policy adherence.
7. Innovation & Emerging Risk (AI Focus)
Support development of the firm's approach to AI governance, implementation, and risk mitigation as new technologies are adopted.
What You'll Bring
- Extensive experience in IT operational risk within financial services or a similarly regulated environment.
- Strong understanding of IT governance, control frameworks, digital resilience, and compliance (e.g. DORA, GDPR, FCA Operational Resilience).
- Proven ability to conduct in-depth risk assessments, scenario testing, and vulnerability analysis.
- Experience working across departments and engaging with senior leadership on risk strategy.
- Excellent communication and stakeholder management skills.
- Strong analytical mindset with a detail-oriented approach.
- Proficiency with Microsoft Office; familiarity with GRC tools is advantageous.
- Knowledge of enterprise and operational risk management frameworks.
McGregor Boyall is an equal opportunity employer and does not discriminate on any grounds.
- Company: McGregor Boyall
- Location: London, South East, England, United Kingdom (Hybrid / WFH Options)
- Employment Type: Full-Time
- Salary: £100,000 - £120,000 per annum
- Posted