About the Role
Technology risk doesn't stay still — and neither does regulatory scrutiny of it. This role exists to make sure that when things go wrong, the right people know, the right actions follow, and the institution can demonstrate both to those who ask.
Sitting within the first line of defence, this is a senior governance role for someone who has spent meaningful time inside financial institutions and understands how technology risk actually moves through an organisation — not just how it looks in a framework document. You will own how technology incidents and risk issues are tracked, escalated, reported, and closed, and you will be the person leadership and regulators turn to when they need a clear picture.
What You'll Do
- Serve as the central point of accountability for technology incident oversight — ensuring material events are properly assessed, escalated, and reported to the right levels of management and to regulators within required timeframes
- Produce and own governance reporting on technology risk for senior leadership and board-level committees, translating complex risk data into clear narratives that drive informed decision-making
- Maintain a forward-looking view of the technology risk landscape by tracking patterns across incidents, audit findings, and control weaknesses; surface emerging concerns before they become significant exposures
- Lead regulatory engagement on technology risk and incident matters, acting as the institution's primary point of contact and ensuring responses are accurate, complete, and submitted on time
- Challenge technology and operations teams on the rigour and sustainability of their risk remediation — not just whether issues are closed, but whether they are genuinely resolved
- Shape how technology risk governance operates in practice: driving committee effectiveness, strengthening escalation pathways, and ensuring risk culture is lived rather than documented
What You'll Bring
- Significant experience in technology or information risk within a regulated financial institution, with a track record that includes direct regulatory engagement and senior stakeholder reporting
- The ability to write — clearly, precisely, and under pressure; this role produces materials that go to regulators and executive leadership, and the quality of that output matters
- A grounded understanding of how banking technology environments are built and operated, sufficient to assess the real-world impact of incidents and the credibility of proposed fixes
- Familiarity with the regulatory expectations that govern technology risk, incident reporting, and operational resilience in financial services
- The interpersonal range to be both a trusted adviser to technology teams and a credible, composed voice in front of regulators and governance forums
- Professional certifications in risk or information security (e.g. CRISC, CISA, CISM, CISSP) are advantageous