1 to 25 of 52 Permanent Risk Assessment Jobs in London

help shape the future of finance, Paynetics is where your work will make a difference on a global scale. Paynetics UK is seeking an experienced and pragmatic Third Party Risk Manager to design, implement, and oversee the firm’s third party and outsourcing risk management framework. This role is pivotal in ensuring compliance with FCA outsourcing and operational … management in financial services, combined with the ability to deliver practical oversight and advice in a fast-paced environment. What you'll do: 1. UK Outsourcing and Third Party Risk Framework • Lead the design, development, and maintenance of Paynetics UK’s Third Party Risk Management Framework, ensuring compliance with FCA rules (SYSC 8, operational resilience, DORA, and PRA … SS2/21 where applicable). • Define risk appetite, governance structures, and control standards for outsourcing and vendor management. • Ensure proportionate oversight and due diligence aligned with the materiality of services and regulatory requirements. • Maintain an up-to-date Outsourcing and Third Party Register, ensuring that risk assessments and contract records remain current and accurate. 2. Group-Level More ❯

help shape the future of finance, Paynetics is where your work will make a difference on a global scale. Paynetics UK is seeking an experienced and pragmatic Third Party Risk Manager to design, implement, and oversee the firm’s third party and outsourcing risk management framework. This role is pivotal in ensuring compliance with FCA outsourcing and operational … management in financial services, combined with the ability to deliver practical oversight and advice in a fast-paced environment. What you'll do: 1. UK Outsourcing and Third Party Risk Framework • Lead the design, development, and maintenance of Paynetics UK’s Third Party Risk Management Framework, ensuring compliance with FCA rules (SYSC 8, operational resilience, DORA, and PRA … SS2/21 where applicable). • Define risk appetite, governance structures, and control standards for outsourcing and vendor management. • Ensure proportionate oversight and due diligence aligned with the materiality of services and regulatory requirements. • Maintain an up-to-date Outsourcing and Third Party Register, ensuring that risk assessments and contract records remain current and accurate. 2. Group-Level More ❯

Senior Risk Manager – Technology and Change (Second Line) Job Introduction The Risk function serves as the independent risk control unit within the organisation, acting as the second line of defence (2LOD) and providing oversight and challenge across the organisation’s principal risks — including credit, financial, and operational risks. The Technology and Change Risk Team is responsible … for risk oversight of IT Risk, Data Risk, Information Security, Change Management, Operational Resilience, and Intra-Group Risk. The team also ensures there is a consistent and objective view of all technology-related risks, as well as shared risks between Business and IT such as Payments Risk, Third Party Risk, and Operational Resilience. The function … the organisation’s business lines and supporting functions. Main Responsibilities The role holder will be expected to take ownership or contribute to the following key areas throughout the year: Risk Advisory and Guidance Independent Risk Oversight Annual Regulatory Returns Change Oversight and Change Assurance Ideal Candidate Proven experience working directly with senior Technology leadership (e.g., Heads of Functions More ❯

Senior Risk Manager – Technology and Change (Second Line) Job Introduction The Risk function serves as the independent risk control unit within the organisation, acting as the second line of defence (2LOD) and providing oversight and challenge across the organisation’s principal risks — including credit, financial, and operational risks. The Technology and Change Risk Team is responsible … for risk oversight of IT Risk, Data Risk, Information Security, Change Management, Operational Resilience, and Intra-Group Risk. The team also ensures there is a consistent and objective view of all technology-related risks, as well as shared risks between Business and IT such as Payments Risk, Third Party Risk, and Operational Resilience. The function … the organisation’s business lines and supporting functions. Main Responsibilities The role holder will be expected to take ownership or contribute to the following key areas throughout the year: Risk Advisory and Guidance Independent Risk Oversight Annual Regulatory Returns Change Oversight and Change Assurance Ideal Candidate Proven experience working directly with senior Technology leadership (e.g., Heads of Functions More ❯

quantify, and govern AI agents operating with autonomy in production environments. If you've been following the trajectory from static models to agentic systems—and the corresponding explosion in risk surface area—you know why this matters now. About governr governr is the AI risk platform for regulated enterprises. We provide complete AI visibility, real-time risk eval and quantification, and audit-ready compliance docs for enterprises deploying agentic AI. We've built the industry's most comprehensive AI risk assessment framework: We're currently in active discussions with tier-1 financial institutions and have secured design partners with leading firms navigating the shift from analytical AI to agentic systems. The market timing is … critical: enterprises are deploying agents at scale, regulators are demanding governance frameworks, and existing Third-Party Risk Management (TPRM) platforms have near-zero AI-risk depth. We have an estimated 18-24 month competitive window before large incumbents build comparable capabilities to stay relevant. The Role As an Agentic Developer at governr, you'll build the core systems More ❯

quantify, and govern AI agents operating with autonomy in production environments. If you've been following the trajectory from static models to agentic systems—and the corresponding explosion in risk surface area—you know why this matters now. About governr governr is the AI risk platform for regulated enterprises. We provide complete AI visibility, real-time risk eval and quantification, and audit-ready compliance docs for enterprises deploying agentic AI. We've built the industry's most comprehensive AI risk assessment framework: We're currently in active discussions with tier-1 financial institutions and have secured design partners with leading firms navigating the shift from analytical AI to agentic systems. The market timing is … critical: enterprises are deploying agents at scale, regulators are demanding governance frameworks, and existing Third-Party Risk Management (TPRM) platforms have near-zero AI-risk depth. We have an estimated 18-24 month competitive window before large incumbents build comparable capabilities to stay relevant. The Role As an Agentic Developer at governr, you'll build the core systems More ❯

think innovatively, and listen to each other and customers in meaningful ways. Moody's is transforming how the world sees risk. As a global leader in ratings and integrated risk assessment, we're advancing AI to move from insight to action-enabling intelligence that not only understands complexity but responds to it. We decode risk to unlock … into actions, and uphold trust through integrity. The Director, Tech Advisory is a senior leader within Moody's Insurance Business Unit, responsible for shaping the future of insurance analytics, risk management, and workflow transformation. You will lead a high performing team of technical architects, specialists, and developers, delivering innovative solutions that redefine client risk workflows and unlock new … and market innovators - you will design and demonstrate cutting edge architectures, proof of concept analytics, and migration strategies that help clients realize the full potential of Moody's Intelligent Risk Platform (IRP) and broader risk and data offerings. This is both a strategic and hands on role: you will champion best practices, enforce technical and architectural standards, and More ❯

months Central Government experience in the last 5 years is strongly preferred. As an Aker Lead Security Architect, you will be a recognised subject matter expert in security, risk management and compliance with demonstrable experience in highly regulated industries, specifically UK Government and/or Defence. You will build effective working relationships with delivery team members and Aker customers … testing (e.g ITHC) of solutions on the public cloud (Azure, AWS, GCP), cloud native platforms (Docker, Kubernetes, etc.), and Software as a Service (SaaS) solutions. Formulate HMG Information Assurance Risk Assessment and Risk Treatment Plans Establish security requirements for cloud-based solutions by evaluating business strategies and requirements, implementing security standards such as ISO 27000 series, NIST … CSF, and CSA Identify and deliver appropriate controls based on industry standards (e.g. CCM) to drive cloud and customer security solutions framework based on business risk and cloud native threats. Provide oversight and guidance on government security procedures and processes. Continually evaluate new threats in the cloud, to identify the impact on IT and the business to develop and More ❯

will be essential, to actively go out and discover items of potential interest to the team, ensuring that there is collaboration between the architects, SOC engineers and analysts, and risk managers to deliver a documented risk-based response to the present and future of anything that may be found. Main responsibilities As Cyber Threat and Vulnerability Manager your … day-to-day role will involve the need to:?? Working with the Security Leadership team to develop a strategic road map for an effective vulnerability detection, assessment, remediation, and threat intelligence program. Line management of the threat and vulnerability management team. Building sustainable relationships to champion the adoption of vulnerability and threat management, compliance, and penetration testing program across … the department's systems, networks, and applications. Recommend remediation strategies and provide advice on complex configuration changes in support of vulnerability remediation.?? Drive prioritisation of those vulnerabilities through a risk-based approach, to meet common organisational objectives such as regulatory compliance and audit functions.??? Development and maintenance of actionable key performance and risk indicators (KPI's & KRI's More ❯

by assessing the risks associated with third-party vendors and internal projects, identifying vulnerabilities, and recommending appropriate mitigation strategies. You’ll work closely with cross-functional teams — including IT, Risk & Compliance, Procurement, and Project Management — to ensure adherence to security frameworks and continuous improvement of the firm’s information security governance. Role Responsibilities: Security Risk Assessment Evaluate … security risks associated with internal projects and third-party vendors, considering factors such as security, privacy, and compliance. Conduct and document vendor risk assessments in line with the firm’s ISMS and governance frameworks. Identify vulnerabilities, assess potential threats, and recommend proportionate mitigation or acceptance strategies. Information Security Governance Ensure compliance with internal security policies, standards, and procedures for … with procurement teams to evaluate and manage security risks associated with vendors. Review and assess vendor security documentation, such as questionnaires, audits, and certifications, to evaluate their security posture. Risk Management & Compliance Apply structured risk management principles to identify, prioritise, and manage information security risks. Collaborate with senior stakeholders, project managers and technical teams, to identify and assess More ❯

by assessing the risks associated with third-party vendors and internal projects, identifying vulnerabilities, and recommending appropriate mitigation strategies. You’ll work closely with cross-functional teams — including IT, Risk & Compliance, Procurement, and Project Management — to ensure adherence to security frameworks and continuous improvement of the firm’s information security governance. Role Responsibilities: Security Risk Assessment Evaluate … security risks associated with internal projects and third-party vendors, considering factors such as security, privacy, and compliance. Conduct and document vendor risk assessments in line with the firm’s ISMS and governance frameworks. Identify vulnerabilities, assess potential threats, and recommend proportionate mitigation or acceptance strategies. Information Security Governance Ensure compliance with internal security policies, standards, and procedures for … with procurement teams to evaluate and manage security risks associated with vendors. Review and assess vendor security documentation, such as questionnaires, audits, and certifications, to evaluate their security posture. Risk Management & Compliance Apply structured risk management principles to identify, prioritise, and manage information security risks. Collaborate with senior stakeholders, project managers and technical teams, to identify and assess More ❯

process information and make actionable recommendations. What you will do: Create high-quality, clear, actionable, "must-have research" content in Audit Planning and Risk. Specific focus areas will include Risk assessment and audit planning, risk trends and audit response, aligned assurance, and IT Audit. Research, analyze and predict internal audit trends and shifts and provide clients with More ❯

organisations navigate complex business challenges with confidence. With a strong presence in the UK, we partner with companies across industries to deliver best-in-class advisory services in accounting, risk, cyber security, technology, and business transformation. We pride ourselves on combining technical expertise with a practical, hands-on approach, helping our clients strengthen resilience, meet regulatory requirements, and stay … ahead in an increasingly digital and risk-driven landscape. Technical and Domain Experience: · Conduct cybersecurity maturity and risk assessment and for clients. · Practical experience implementing security controls, in areas such as MDR, IAM, Network Security, Cloud Deployments. · Advise clients on cybersecurity strategy, metrics and reporting for various levels of stakeholders, including Audit Committees and Board of Directors. … Build risk management practices for clients, including policies, procedures, Risk Register, etc. · Previous experience as a systems administrator, systems engineer, or security analyst. · Understanding of operating system hardening principles, network design principles, and systems security. · Guide clients in establishing cybersecurity policies, standards, and procedures. · Manage cybersecurity training & awareness services for clients from design to implementation. · Understanding of security More ❯

tools and technologies such as SIEM (Splunk), vulnerability management (Tenable), and PAM Strong understanding of security frameworks and standards (e.g., ISO 27001, NIST), as well as asset management and risk assessment solutions It would be a real bonus if you have: Master's degree in Computer Science, Information Security, or a related field Experience or understanding of SOC More ❯

sensitive in nature. These include but not limited to front to back(f2b), multi-entity, multi-business area impacting initiatives. In addition these may be high budget, high change risk projects, along with multi-year duration - potentially structured as a programme with multiple project workstreams. Projects may include combination of strategic business change, regulatory, and IT components - so close … other senior members of team to help drive BOW. Contribute to IPC, EDF & Other forums - delivery and continuous improvement of the forum which ensures project delivery assurance of high risk, high profile projects in order to provide visibility and alignment across MUFG EMEA, Securities International and support the Deputy Regional Executive in achieving the EMEA/International Strategy and … individual Function Medium Term Business Plans ("MTBP").") goals. Chair the Risk Assessment Forum (RAF) and ensure the RCSA is maintained across all teams in CTO, engaging with team owners to ensure it is up to date and adequate control frameworks are in place for each sub-function. Post Blue Day 2, provide a six month warranty period More ❯

financial services is essential. Experience designing Target Operating Models or strategic business blueprints at programme or enterprise level (not just project level). Deep understanding of the Compliance and Risk landscape, including: Policy and control frameworks Risk assessment and monitoring Investigations, sanctions, and anti-financial crime The Three Lines of Defence model Strong knowledge of business architecture … deliverable for the next stage of programme execution. Act as a trusted advisor during implementation, ensuring designs are translated into practical, scalable solutions. Support stakeholder engagement across senior compliance, risk, and technology leaders, ensuring buy-in for the proposed operating model. Designing the Target State Business Architecture for EMEA, including capability maps, operating models, and value streams. Collaborating with … Technology, Data Architects, Compliance, and Risk SMEs to develop a holistic design that aligns with business strategy. Recommending a comprehensive roadmap to implement the Target State, balancing business outcomes, costs, and risks. Supporting project teams to ensure alignment with the Target State Business Architecture. Leading best practises in business design and process engineering to enhance operational efficiency. Your Key More ❯

financial services is essential. Experience designing Target Operating Models or strategic business blueprints at programme or enterprise level (not just project level). Deep understanding of the Compliance and Risk landscape, including: Policy and control frameworks Risk assessment and monitoring Investigations, sanctions, and anti-financial crime The Three Lines of Defence model Strong knowledge of business architecture … deliverable for the next stage of programme execution. Act as a trusted advisor during implementation, ensuring designs are translated into practical, scalable solutions. Support stakeholder engagement across senior compliance, risk, and technology leaders, ensuring buy-in for the proposed operating model. Designing the Target State Business Architecture for EMEA, including capability maps, operating models, and value streams. Collaborating with … Technology, Data Architects, Compliance, and Risk SMEs to develop a holistic design that aligns with business strategy. Recommending a comprehensive roadmap to implement the Target State, balancing business outcomes, costs, and risks. Supporting project teams to ensure alignment with the Target State Business Architecture. Leading best practises in business design and process engineering to enhance operational efficiency. Your Key More ❯

UKAS , ISO 17021-1 , and ISO 19011 principles. Support technical reviews, certification decisions, and internal auditor development. Maintain up-to-date knowledge of information security, data protection, and cyber-risk frameworks. Essential Qualifications and Experience Successfully completed an ISO/IEC 27001:2022 Lead Auditor course (IRCA-approved or equivalent). At least four years experience in information security … auditing. Proven track record conducting third-party ISO 27001 audits for a UKAS-accredited certification body. Strong working knowledge of Annex A controls , ISO/IEC 27002 , and ISMS risk assessment methodologies . Familiarity with ISO 17021-1 , ISO 19011 , and UKAS accreditation processes. Excellent written and verbal communication skills. Willingness and ability to travel across London and More ❯

Manager to join their growing team. The company specializes in providing data-driven insights that help financial institutions, including banks and mortgage lenders, make smarter decisions around property values, risk assessment, and market trends. Their products are central to supporting faster and more accurate decision-making, particularly when it comes to valuing properties and assessing risk without … applying data insights across various sectors in banking and financial services. What We're Looking For: 5-7 years of experience in analytics, ideally within financial services, mortgages, credit risk, or a related domain. Prior experience managing or mentoring a team, or a strong interest in stepping into a management role. Strong technical skills, including proficiency in Excel, SQL More ❯

accounts and access. Implementation: Lead the deployment and configuration of PAM solutions, such as CyberArk, BeyondTrust, or other relevant technologies, ensuring they are properly integrated with existing IT infrastructure. Risk Assessment and Management: Conduct regular risk assessments related to privileged access, identifying potential security risks and vulnerabilities, and developing mitigation strategies. Governance and Compliance: Ensure that PAM More ❯

direction, and ensuring security-by-design across complex AI systems and data pipelines. You’ll define and deliver AI security strategies, develop reference architectures, and provide expert guidance on risk management, data protection, and ethical AI governance. You’ll also play a key role in client engagement, helping shape proposals, define solutions, and drive pre-sales activity. To justify … consulting experience and commercial awareness alongside deep technical expertise. Key areas of focus Define and implement enterprise-level AI/ML security strategies, policies, and architectures. Lead on AI risk assessment, threat modelling, and mitigation planning. Ensure compliance with GDPR, the EU AI Act, and international security frameworks (ISO 27001, NIST, TOGAF, SABSA). Build and maintain secure More ❯

direction, and ensuring security-by-design across complex AI systems and data pipelines. You’ll define and deliver AI security strategies, develop reference architectures, and provide expert guidance on risk management, data protection, and ethical AI governance. You’ll also play a key role in client engagement, helping shape proposals, define solutions, and drive pre-sales activity. To justify … consulting experience and commercial awareness alongside deep technical expertise. Key areas of focus Define and implement enterprise-level AI/ML security strategies, policies, and architectures. Lead on AI risk assessment, threat modelling, and mitigation planning. Ensure compliance with GDPR, the EU AI Act, and international security frameworks (ISO 27001, NIST, TOGAF, SABSA). Build and maintain secure More ❯

the transformation of a large-scale enterprise's threat and vulnerability landscape. This role is focused on rebooting the organisation’s vulnerability management capabilities to deliver a more dynamic, risk-based view of threats across cloud, hybrid, and on-prem environments. You’ll be responsible for designing and implementing a modern exposure management framework that enables real-time visibility … and lead the implementation of an enterprise-wide exposure management strategy. Identify and assess digital assets, attack surfaces, and potential vulnerabilities. Develop and apply exposure scoring models to evaluate risk in context. Recommend and support the selection of appropriate security tools and platforms. Collaborate with engineering, security, and leadership teams to tailor risk reporting and remediation strategies. Maintain … continuous monitoring and adapt to evolving environments (cloud, remote work, DevSecOps pipelines). What You’ll Bring Proven experience in Exposure Management , including: - Asset Identification - Attack Surface Mapping - Risk Assessment - Prioritisation & Remediation - Continuous Monitoring Strong understanding of exposure scoring systems (e.g., VPR, ACR, contextual risk). Hands-on experience with tools such as Qualys, Tenable, Rapid7 . More ❯

the transformation of a large-scale enterprise's threat and vulnerability landscape. This role is focused on rebooting the organisation’s vulnerability management capabilities to deliver a more dynamic, risk-based view of threats across cloud, hybrid, and on-prem environments. You’ll be responsible for designing and implementing a modern exposure management framework that enables real-time visibility … and lead the implementation of an enterprise-wide exposure management strategy. Identify and assess digital assets, attack surfaces, and potential vulnerabilities. Develop and apply exposure scoring models to evaluate risk in context. Recommend and support the selection of appropriate security tools and platforms. Collaborate with engineering, security, and leadership teams to tailor risk reporting and remediation strategies. Maintain … continuous monitoring and adapt to evolving environments (cloud, remote work, DevSecOps pipelines). What You’ll Bring Proven experience in Exposure Management , including: - Asset Identification - Attack Surface Mapping - Risk Assessment - Prioritisation & Remediation - Continuous Monitoring Strong understanding of exposure scoring systems (e.g., VPR, ACR, contextual risk). Hands-on experience with tools such as Qualys, Tenable, Rapid7 . More ❯

Process improvement - Identify inefficiencies in workflows, proposing automation or process improvements. Project management - Drive delivery of software and hardware initiatives, managing scope, timelines, and dependencies across cross-functional teams. Risk assessment - Anticipate technical and operational risks to delivery, proposing mitigations early in the project lifecycle. Required Skills/Experience The successful candidate will have a strong and positive More ❯