Senior Manager, Cyber & Technology Risk

We are looking for an experienced cyber and technology risk professional with strong technical skills combined with the ability to communicate with and influence both technical and non technical senior management.

• Provide technical 2nd line oversight of Cyber and Technology, ensuring risks are identified and escalated to appropriate senior stakeholders. Work with the 1st line to improve controls and risk management.
• Facilitate the ongoing effectiveness of the Information Security Risk Oversight Committee (ISROC).
  • Use a risk based approach to identify appropriate topics for the agenda.
  • Ensure high quality submissions and brief senior stakeholders on key topics prior to the committee.
  • Provide direct challenge to first line senior management at the committee when required.
• In response to requests from senior management or governance committees, undertake risk based reviews of key cyber security and technology processes and controls, ensuring findings are appropriately risk assessed and that management identifies mitigation plans.
• Develop strong and effective working relationships across all 3 lines of defence to facilitate effective identification, management and remediation of cyber and technology risks.
• Review and interpret Red/ Purple Team test results, identify key messages and articulate them to non technical audiences via briefings.
• Demonstrate strong understanding of effective response and recovery strategies for cyber incidents.
• Apply insights from experience within leading financial services firms to drive enhancements across cyber and technology risk.
• Draft entity board level reports for senior leadership and governing bodies.
• Present confidently at governance committee meetings when required.

• Significant, demonstrable experience in technology and cyber risk within a control/risk environment (e.g., Internal Audit, 1st Line or 2nd Line Risk/Control).
• Strong hands on technical understanding of cyber risk, including key security domains, common control frameworks and how to assess control effectiveness.
• Experience within Financial Services, ideally asset or wealth management, with understanding of regulatory expectations and risk governance.
• Excellent written communication and attention to detail, with the ability to produce clear, accurate, audience appropriate reporting for senior and non technical stakeholders.
• Strong analytical and problem solving skills, able to interpret complex information, identify root causes and form sound risk based judgements.
• Strong stakeholder management and influencing skills, with a collaborative, team oriented approach and confidence to provide robust challenge where needed.

• Professional certifications in information security/technology risk (e.g., CISA, CISM, CISSP or equivalent).
• Knowledge of asset or wealth management products, operating models and technology landscape.
• Consulting/Big Four experience, including delivering risk assessments and presenting findings to senior stakeholders.
• Experience in a 1st line technology or cyber security function, partnering closely with engineering/security teams.
• Broader banking experience (investment or retail) in a 1st or 2nd line technology/cyber risk capacity.

We recognise potential, whoever you are. Our purpose is to provide excellent investment performance to clients through active management. Diversity of thought, facilitated by an inclusive culture, will allow us to make better decisions and better achieve our purpose. This is why inclusion and diversity are a strategic priority for us and why we are an equal opportunities employer. You are welcome here, regardless of your age, disability, gender identity, religious beliefs, sexual orientation, socio economic background, or any other protected characteristic.