Senior Risk Manager - Technology and Change

Senior Risk Manager – Technology and Change (Second Line)

Job Introduction

The Risk function serves as the independent risk control unit within the organisation, acting as the second line of defence (2LOD) and providing oversight and challenge across the organisation’s principal risks — including credit, financial, and operational risks.

The Technology and Change Risk Team is responsible for risk oversight of IT Risk, Data Risk, Information Security, Change Management, Operational Resilience, and Intra-Group Risk. The team also ensures there is a consistent and objective view of all technology-related risks, as well as shared risks between Business and IT such as Payments Risk, Third Party Risk, and Operational Resilience. The function provides independent assurance to senior management that these risks are appropriately identified and managed across the organisation’s business lines and supporting functions.

Main Responsibilities

The role holder will be expected to take ownership or contribute to the following key areas throughout the year:

1. Risk Advisory and Guidance
2. Independent Risk Oversight
3. Annual Regulatory Returns
4. Change Oversight and Change Assurance

Ideal Candidate

• Proven experience working directly with senior Technology leadership (e.g., Heads of Functions or equivalent).
• Advanced understanding of Technology and Change Risk disciplines such as IT Risk, Data Risk, Information Security, IT-led and Business-led Change, IT Resilience and Recovery, and Intra-group Risks across both operational and transformation activities.
• Prior experience within a regulated environment with a sound understanding of relevant regulatory frameworks and authorities (e.g., PRA, FCA, ICO, BoE, and EU regulations such as DORA).
• Experience working on large-scale, multi-year business and IT transformation programmes in either 1st, 2nd, or 3rd line of defence, or in a consultancy capacity.
• Knowledge of technology risk considerations in areas such as Build vs Buy, On-premise vs Cloud, In-house vs Outsourced Development, and Intra-group vs Local Service Delivery.
• Familiarity with technology standards and frameworks such as ITIL, COBIT, and NIST, and working knowledge of relevant regulatory expectations.
• Excellent written and verbal communication skills, with the ability to articulate risk topics clearly to both technical and non-technical audiences.
• Experience with at least one full implementation cycle of core business systems (e.g., Customer Lifecycle Management, Credit & Lending, Payments, Core Banking, or Finance platforms), including risk assessment of system integration and legacy decommissioning.

Organisation and Culture

The organisation promotes a collaborative and decentralised working culture, empowering teams to make decisions close to the customer and business areas they support. There is a strong emphasis on trust, respect, and professional autonomy, with a long-term approach to both business relationships and employee development.

The organisation is committed to diversity, equity, and inclusion, ensuring a workplace that welcomes all individuals regardless of background, age, disability, ethnicity, religion, gender identity, or orientation.

What’s in It for You

• A wide range of learning and development opportunities designed to support professional growth and career progression.
• Competitive compensation and benefits package, including private medical insurance, income protection, and life assurance.
• Market-leading pension contribution of 15% and access to a range of investment options.