Manager: IT Risk Management

Why this role matters

We’re strengthening our IT risk capability to support how we build, deliver and scale technology. This role plays a key part in helping us move fast without losing sight of risk, control and accountability. You’ll lead a team that provides independent insight and challenge across information, technology and project risk. Your focus will be practical risk management — helping teams make better decisions, not slowing them down. If you’re a people leader who enjoys partnering with senior stakeholders and turning risk into clear, usable guidance, this role is for you. This is a vibrant, fast-paced environment where you can use technology to support risk services. You’ll have valuable opportunities to work with Group IT Risk Management, executive leadership, and regulatory bodies.

What you’ll do

This role will assist in leading our IT Risk Management function and help embed strong, consistent risk practices across our technology environment.
Your responsibilities will include:

• Providing independent oversight, advice and challenge on information, technology and project risks
• Leading risk identification, assessment and treatment across technology platforms and projects
• Performing and guiding risk and control assessments, including third‑party and supplier risk
• Building a strong risk culture by improving awareness, engagement and consistency
• Turning the function’s business plan into clear priorities, practical processes and measurable outcomes
• Leading and developing a team (minimum four direct reports) through coaching, feedback and performance management
• Contributing to governance and assurance through clear reporting, insight and stakeholder engagement

What will help you stand out

• A Bachelor’s Degree in Information Technology or a related field
• Professional certifications such as CISM, CISA, CISSP or CRISC
• Banking or financial services experience, including exposure to BCBS‑239 principles
• Experience with continuous auditing or technology assurance practices

Knowledge of:

• Cyber security and cloud platforms (e.g. AWS, Azure or Google Cloud)
• Data management and governance
• Analytics and model management
• Core banking systems and technology operations
• Incident response and recovery
• Software development life cycle
• Software engineering and architecture
• Data analytics relevant for risk management
• Artificial Intelligence and Generative AI
• Software engineering and architecture
• Data analytics relevant for risk management
• Artificial Intelligence and Generative AI

Minimum Experience

• A Bachelor’s Degree in Information Technology or a related field
• Minimum of 7+ years’ experience in IT risk, information risk, technology controls or information security risk
• Experience conducting risk and control assessments
• Working knowledge of recognised risk and control frameworks (for example COBIT, ISO, COSO, ISF, DAMA, DM‑BOK)
• A basic understanding of agile ways of working and project delivery
• Proven people management experience
• Strong communication, decision‑making, problem‑solving and reporting skills 

Qualifications (Ideal or Preferred)

Conditions of Employment