Technology Risk Manager

A fantastic opportunity has arisen for a Technology Risk Manager to join our Governance, Risk and Compliance team! This is a 1LoD role where you'll be an IT Risk Subject Matter Expert for the CISO and Technology Services functions, conducting proactive and reactive IT risk assessments across multiple technology areas, recommending and facilitating appropriate responses and monitoring the delivery of any mitigations. You'll engage with Risk Owners to agree the current Risk Profile and actions to be within appetite as required.

What you'll be doing

• Identify and draw out technology risks through discussions, workshops, relevant meetings, and engagement with projects and programmes

• Identify, assess, manage and report on adherence to policy requirements and control effectiveness

• Undertake technology proactive and reactive risk assessments, or thematic reviews, and formulate recommendations to respond to identified technology risks, issues and events

• Manage technology risks, master action plans and events in the group Risk Management System

• Identify, anticipate and recommend the need for changes to methodologies/approaches in response to changing risk profiles and business needs, through the identification of emerging risks and through continuous assessment of the inherent and residual risk exposure

• Modelling and continuous improvement of the risk profile, through the development of risk measurement methodologies

• Engage with the Enterprise Risk team (2LoD), Internal Audit and senior stakeholders across the business to ensure Technology Services and Information Security functions operate within the defined risk appetite and issues are remediated within the specified timelines

• Provide strategic risk management advice on disruptive technologies and identify emerging risks associated with advances in technology and digital capabilities

• Ensure agility and continuous integration/deployment by embedding risk management and regulatory compliance into operating environment and organisational culture

• Establish the status of the risk profiles owned senior stakeholders, highlighting any changes in line with risk appetite.

What we're looking for

• Technology risk, information security, or IT Audit background

• 1LoD experience

• Strong analytical skills, with experience in undertaking risks assessments in a technology environment

• Excellent working knowledge of risk management tools, methodologies, control taxonomies and industry standard frameworks (NIST, ISO 27001, COBIT, PCI-DSS, ITIL, TOGAF)

• Excellent working knowledge of security technologies and processes, including network and application firewalls, host and network intrusion prevention, anti-virus, advanced endpoint protection, cryptography, public key infrastructure and identity management and federation

• Experience in infrastructure, application and cyber security architecture, technical risk and vulnerability assessments and/or managing issues identified from penetration testing

• Experience of working in cloud environment, ideally with platforms such as Microsoft Azure and AWS

• Experience of third-party relationships and identifying and managing the associated technology and information security risks

• Experience of threat modelling and assessing the impact of threat scenarios

• Excellent communication and stakeholder management skills and experience of preparing formal reporting for senior management

Hybrid working

Our mixed model way of working offers a 'best of both worlds' approach combining the best parts of home and office-working, offering flexibility for everyone. How much you'll be in the office depends on your role, and we'll consider the flexible working options that work best for you.

Read our flexible working approach here.

This is a hybrid role based out of our new London Bridge office, and you'll need to be in the office c.4-6x a month.

What we'll give you:
We wouldn’t be where we are today without our people and the wide variety of perspectives and life experiences they bring. That’s why we offer excellent benefits to suit your lifestyle and a flexible working model combining the best parts of home and office-working, varying with the nature of your role. Our core benefits include:

• 9% employer contributed pension

• Up to 10% annual bonus

• 25 days holiday (rising by 1 each year to 28) + bank holidays and option to buy or sell up to 5 days 

• 50% off home, motor and pet insurance, plus free travel insurance and Green Flag breakdown cover

• EV car scheme allows all colleagues to lease a brand new electric or plug-in hybrid car in a tax efficient way.

• Employee discounts and cashback

• Additional optional Health and Dental insurance

• Buy as you earn share scheme

• Plus many more!

Being yourself

Difference makes us who we are. We believe everyone should feel comfortable to bring their whole selves to work – that’s why we champion diverse voices, build workplaces that work for people, and invest in the things that matter. From senior leadership to inclusivity networks, adaptive working to inclusion training, we’ve made it our mission to give you everything you need to be authentically you. Discover more at directlinegroupcareers.com

Together we’re one of a kind.

#LI-BB1

#LI-HYBRID