We can consider hybrid or fully remote work in the UK.We’re looking for a self-motivated and driven individual with apassion for technology risk management who is looking for anexciting role as a technology risk subject matter expert within thesecond line of defence (2LoD) Chief Risk Office. You will provideexpertise, advice and independent challenge around the Technologyrisk and control environment and play a crucial role in developingthe technology risk strategy to protect Aztec fromtechnology-related threats while enabling business growth andinnovation. This role offers the successful candidate extensiveopportunities for development and the opportunity to apply theirknowledge of technology risk at a senior level within a financialservices environment. Key responsibilities: - Development anddelivery of Aztec’s technology risk strategy in line with the ERMFand the Chief Risk Office roadmap, regulatory requirements andindustry best practice, such as COBIT5 / ITIL. - Ensure that keystrategic risks and controls associated with cloud infrastructure,AI, data management, and wider digital transformation areappropriate covered within the ERMF. - Develop, monitor andchallenge the effectiveness of risk appetite and Key RiskIndicators (KRIs). - Work with the Chief Risk Office and TechnologyLeadership to establish a robust risk governance model for managingTechnology risks. Risk Identification, Assessment and Mitigation -Lead the 2LoD oversight of Technology risks including identifying,assessing and monitoring risks related to technologyinfrastructure, cyber security, data, AI and resilience. - Overseeand challenge the Technology risk and control environment,including both their Principal and Risk and Control Self-Assessment(RCSA) processes. - Conduct independent assurance reviews wherenecessary to assess the design and application effectiveness oftechnology controls. - Lead the 2LoD oversight of the management oftechnology vendor risks ensuring that key technology vendors haveappropriate controls in place to maintain their robustness andresilience. - Oversee technology issues management and riskacceptance processes. - Lead on the 2LoD review of materialTechnology Incidents and Risk Events ensuring that actual /potential losses, fix details and root cause analysis is reportingin a timely and accurate manner within risk governance. - Strategicchallenge of 1LoD identification and evaluation of risks associatedwith technology regulatory change and compliance (e.g., DORA, EUArtificial Intelligence Act). - Strategic challenge of 1LoD riskmitigation strategies. Risk Reporting and Insights - Timely andmeaningful production of 2LoD risk reports, dashboards and insightsfor various levels of risk governance (e.g., executive and boardlevel committees) highlighting key vulnerabilities and theappropriateness of mitigation strategies. - Escalate materialtechnology risks and issues within the Chief Risk Office and towider risk governance and recommend appropriate mitigation. -Provide insightful data driven technology risk analysis supportrisk-based decision-making. - Report emerging technology riskswithin risk governance as part of integrated risk reporting. -Provide subject matter expertise on emerging technology risks,including cloud security, AI, operational resilience, and dataprivacy. Risk Culture and Awareness - Take a lead role in embeddinga strong risk culture across Technology functions. - Drive riskmaturity within Technology functions and regularly assess againstAztec’s Risk Maturity Model, reporting outcomes / areas of focuswithin risk governance. - Make risk meaningful and relevant to keystakeholders through training and awareness materials and sharingbest practice in clear easy to understand language. - Delivertraining programmes on technology, cyber, and resilience risks. -Strategic challenge of Aztec’s technology, data, AI and cybersecurity strategies, and be able to articulate and assess theassociated risks. - Lead 2LoD oversight on Technology relatedtransformation initiatives including attendance at projectSteerCo’s to provide independent challenge and advice. - Act as asubject matter expert on AI including providing effective 2LoDoversight and challenge on the implementation of Aztec’s AIstrategy and AI Risk Management Framework. Stakeholder Management /Line Management - Be a trusted 2LoD partner to Technology functionscultivating effective relationships and networks and be seen as anescalation point for technology risk related queries and advice. -Partner with 1LoD business colleagues to enhance resilience,mitigate technology and cyber risks, and integrate riskconsiderations into Technology strategy and operations. - Providethought leadership to clients and other senior stakeholders. -Attend risk governance committees as a senior Chief Risk Officerepresentative including the Information Security Forum and DataGovernance and AI Committee. - Represent, as required, the ChiefRisk Office as the technology risk SME at executive and board levelrisk committees. - Be a 2LoD contact point for auditors, clients,and other external stakeholders. - Actively manage the performanceand development of direct reports ensuring a structured andmotivating environment and results driven approach. Skills,knowledge, expertise: Qualifications and experience - Priorexperience within a financial services or Fintech environment. -Educated to degree level in a relevant subject and / or hold atechnology professional qualification. - Deep technical knowledgeof technology related regulation (e.g., DORA, GDPR, EU AI Act). -Experience with third-party and outsourcing risk, AI and digitaltransformation risks. - Experience of developing and operatingTechnology Risk Management Frameworks such as ITIL, COBIT, NIST,ISO. - Demonstrable extensive relevant experience of technology andchange / operational risk in either a 1LoD or 2LoD capacity (2LoDpreferable). - Experience in scenario analysis and resilienceimpact assessments would be advantageous. Core skills andcompetencies - A strong working knowledge of Microsoft productsincluding Excel and Word, strong analytical skills and ability toprovide risk intelligence analysis. - Highly developed written andverbal communication skills and demonstrable experience interfacingwith senior stakeholders to establish relationships and become atrusted advisor. - An ability to apply technical knowledge in apractical and balanced manner and balance commercial issues andbusiness objectives within the confines of the ERMF. -Independently minded and able to challenge constructively andprofessionally. - Result orientated, self-motivated, capable ofplanning and managing own workload and negotiating, influencing andbuilding consensus in a challenging environment. - Advancedpresentation skills including the use of Microsoft PowerPoint andability to produce concise Executive level risk reports. We willprovide the training, both in-house for relevant technicalknowledge and also professional qualifications to enhance yourprofessional development. You will need to be quick to learn newsystems and great with people, as close working relationshipsbetween our colleagues and clients is at the heart of what we do.#J-18808-Ljbffr
