Technology Risk Officer

Responsibilities will include: Working across the technology and product teams to analyse and better understand their risk profile and actively support them in how to manage and reduce risk; and design, implement and test controls. Performing risk and control assessments and deep dives within various product and technology teams to come up with actionable insights.  Proactively managing risks so that they are reducing and limiting major incidents, breaches or examples of non-compliance in technology risk. Establishing and running risk committees and working groups to help improve the risk posture of the organisation. Delivering technology risk insight for the Board & Executive Committees, including data-driven risk reports, and development of strong monitoring metrics (KRIs,BCIs). Regularly engaging with internal & external stakeholders on the group's IT risk posture. Driving effective implementation & communication of operational risk management policies & guidelines. Providing IT risk management consulting to the business, technical & operations groupsIdentifying and assessing the impact of technology risk on projects and develop mitigation strategies Requirements of an ideal candidate: Has good knowledge about IT infrastructure(Cloud), operations, software , hardware, tooling, data flows, change control, BC/DR etc. and the impact of these on an organisation’s posture, security policies, and operational resilience arrangements. Has a good understanding of the products, services and tooling related to technology product delivery using Agile and Devops kanban methodology. Can apply knowledge to contribute to the risk discussions related to these products and tribes. Policy Oversight & Challenge: Understands the hierarchy of Technology, Operations and Security Policies and Standards and is familiar with policy compliance and oversight processes. During interactions with 1LOD and other stakeholders, can adapt messages based on the audience and expectations and often uses examples and analogies that are meaningful to the audience. Delivers insight convincingly and with authority by drawing on previous experience or industry best practice. ERM Frameworks : Has a good understanding of and can identify risks. Can define risk appetite, risk impact and identify risk likelihood. Can define and apply the risk assessment process, the risk monitoring process and can measure risks against firms Risk Appetite at a detailed level across the risk reporting categories and their supporting risk areas. Risk and Control Self-Assessments : Has experience in the RCSA process, tools and frameworks. Can provide support to 1LOD in performing the control testing. STEM degree preferably Computer Science or IT. Desired Skills: Performed IT Audits or worked in 1LOD as a technology risk manager in a financial services or technology firmKnowledge and experience of industry and regulatory standards relating to Technology and Security (e.g. SOX, SOC2, ISO, COBIT,ITIL etc) .