Technology & Security Risk Lead

Technology & Security Risk Lead

Location: London, United Kingdom (Hybrid)

Salary: Competitive

Permanent

Technology & Security Risk Lead | Financial Services | London, UK (Hybrid)

Company Overview

We’re working with a prominent financial institution, specialising in the security and management of defined benefit pension funds. At the core of their mission is the commitment to delivering pensions reliably and securely to policyholders. Renowned for its strong risk management practices, the dedicated Risk Team plays a pivotal role in supporting the overall success of the business. With a keen focus on compliance and industry recognition for its expertise, the leadership team brings extensive experience in navigating the UK regulatory landscape and the intricacies of the insurance and investment industry. This is a unique opportunity to be part of a purpose-driven organisation at the forefront of the financial services sector.

Role Overview

As the Technology and Security Risk Lead, you will be responsible for leading the risk framework related to IT, Information & Technology Security, TP&O, and Physical Security Risk. Your role is crucial in providing insight and assurance reporting to the Head of Non-Financial Risk, identifying current and emerging risks, and advising on risk management techniques aligned with regulatory expectations and industry best practices.

Key Responsibilities

• Lead the development and maintenance of the Technology and Security Risk Framework.
• Advise on first-line policies supporting the management of IT, Information & Technology Security, TP&O, and Physical Security risks.
• Provide insight on new, evolving, and emerging threats in these areas relevant to the financial services industry.
• Support, challenge, and advise CTO, CISO, TP&O, and their teams on strategies, projects, policies, and standards.
• Contribute to risk records, Risk Management Framework, risk appetite, key risk indicators, and governance framework.
• Review and validate IT, Information & Technology Security, TP&O, and Physical Security elements of the risk appetite framework.
• Coordinate and undertake ORSA stress and sensitivity testing, contributing to annual ORSA work.
• Provide oversight and advice on action and closure of security risk incidents, including third-party assessments.
• Liaise with Internal Audit and Compliance, and assist in the Integrated Assurance Plan and Report preparation.
• Represent the business at relevant external forums and engage in decision-making processes as necessary.

Person Specification

Essential

• Experience in developing, embedding, and maintaining risk frameworks.
• Knowledge of IT, Information & Technology Security, TP&O, and physical security, including legal and regulatory requirements.
• Ability to distil and articulate technical information and communicate concepts to diverse stakeholders.
• Excellent report writing and presentation skills at MRC and BRC level.
• Relevant qualifications such as CRISC, CISSP, CISM, or CISA.
• 5-10 years of prior experience in IT risk management within financial services.

Desirable

• Experience in ORSA processes and IT risk scenario development and assessment.
• Familiarity with the UK regulatory environment and the insurance or investment industry.

This is a rare opportunity to make an impact at a company with a foundation of strong values, such as providing security, embracing new ideas, delivering excellence, and being purposeful.

Work alongside some really smart people, a compassionate executive team, in a collaborative no-blame culture, who have the mindset of doing the right thing.

We are committed to creating an inclusive and diverse workplace. Research indicates that candidates, especially from underrepresented backgrounds, often hesitate to apply for jobs if they don’t meet every qualification.
If you’re excited about a role here but don’t perfectly align with every requirement, we encourage you to apply. Your unique skills and experiences may be the perfect fit for the job or other opportunities that arise.