IT Systems and Security Risk Specialist Senior Manager

End Date

We Support Flexible Working – Click here for more information on flexible working options

Flexible Working Options

Job Description Summary

Job Description

Work location - Hyderabad
YOE: 16-25

 

What you'll need!

The ability to demonstrate the following skills & behaviours:

Experience in developing, maturing, or contributing to Enterprise Risk Management Frameworks (ERMF), including setting risk appetite, and defining control objectives. Considered a deep subject matter expert with a strong depth of understanding of the latest Operational Risk frameworks and technology being used across financial and non-financial services to enable them to lead a specialist risk centre of excellence, and experience shaping and driving the strategy and implementation of Technical and Security Risk Management Frameworks. Detailed knowledge of key technology, security, operational and supplier risk domains, ideally ones facing regulated financial services groups, with a proven ability to translate complex risk insights into clear actionable advice. Experience in effectively interpreting new operational risk regulations and emerging technology innovations (inc. AI, Digital Ledger Technology, Quantum, Cloud, 3rd-party concentration risk) with foresight and practical judgement. Assimilating different sources of data and complex information to effectively problem-solve and make relevant conclusions and recommendations. Having deep knowledge of relevant laws, regulations and industry best-practice and using that knowledge to establish the risk appetite, policies, control objectives and performance indicators across the technology and security landscape, and demonstrates ability to interpret new operational risk regulation, emerging risks and technology innovations with forethinking to anticipate the impact of changes on the Group and act accordingly. Effective communication skills to build partnerships and work collaboratively with others, including Risk Owner, Control Owner and Control Office to meet shared objective. Demonstrated ability to influence, challenge and guide senior decision‑makers—balancing commercial outcomes, customer impact and risk appetite, and being confident to “call it” where necessary. A strategic risk leader who can set direction, drive clarity of purpose, and shape how technology, security and supplier risks are managed across the organisation. A strong people leader with experience in developing and performance‑managing specialist talent, fostering a culture of accountability, learning and continuous improvement. Skilled at building high‑trust partnerships with cross‑functional teams (Technology, Security, Procurement, Ops Risk, Audit, Controls, CCOR), enabling open challenge and productive collaboration. Ability to design and embed automated risk assessment and continuous control monitoring, using data-led  and ‘as-code’ approaches (such as machine learning, risk quantification, and predictive analytics). Detailed knowledge of the key technology and security risks facing a financial services group, with a proven ability to assess and manage risk and threats (e.g. using FMEA, ISMS, MITRE ATT&CK, PASTA/STRIDE/DREAD frameworks and methodologies), set policy and manage compliance, design controls, provide assurance oversight and challenge, and offer advice balancing risk and reward. Expertise in Technology and Security, covering key areas such as Strategy, Architecture, Governance & Capability, Policy & Risk Framework, Information Protection, IT Asset Management, Identity & Access Management, Physical Protection, Vulnerability Management, 3rd Party/Supplier, Event & Incident Management, Network & Infrastructure Security, IT Problem Management, IT Performance & Capacity, Back Up, Restore & DR Proving, IT Reliable Engineering & Reliability & Redundancy, and IT Change Management.

What you'll be doing!

Working under the direction of our RFB UK Operational Risk specialists, the role will provide the following services:

• Contribute to the design and implementation of risk policies and appetite to enable the Group to meet regulatory and operational risk objectives, providing consistent, fair outcomes for customers.
• Contribute to ongoing data-led Operational Risk control objectives to meet the needs of risk and control owners, control specialist teams, audit and external regulators. 
• Support control owners and specialists to implement control measures that are designed to achieve the control objectives. Regularly monitor and validate the effectiveness of the design of control measures to ensure they are achieving the control objectives.
• Perform continuous oversight monitoring and reporting of the Group’s exposure relative to risk appetite, highlighting any significant deviations; by identifying and developing key risk and control indicators, and developing and inputting into associated dashboards and self-service solutions.
• Input to the implementation of a risk and control oversight plan to assess compliance to relevant laws, regulations, industry standards, Group policies and the ERMF.  Contribute to and enhance the automation of continuous compliance assessment against relevant laws, regulations, and standards.
• Build relationships with risk and control owners acting as Operational Risk Specialist business partner to help deliver against customer, business and strategic outcomes. 
• Provide pragmatic advice to support informed key risk decisions and trade-offs (balancing commerciality and risk appetite), being bold to ‘call it’, and influence senior decision makers.
• Propose solutions to business problems, delivering oversight with insight and innovative thinking to address technology and security risk challenges. This includes supporting Risk and Control Owners in identifying, prioritising and remediating risks and control gaps, ensuring robust action plans following operational risk events, incidents, supplier issues and breaches.
• Interpret new operational risk regulation and emerging security opportunities and threats accurately and adeptly. Forethinking the direction of travel and anticipating the impact of the proposed changes on the Group.
• Scanning the horizon for emerging risks (AI, Digital Ledger Technology, Quantum, third-party concentration, resiliency failures, cloud transformation) and translating them into actionable oversight activities and risk positions.
• Drive automation for risk and control measurement, monitoring, and reporting. Partner with security, data, engineering and analytics teams to call out issues and define action plans, all in pursuit of sustainable risk management.
• Leading deep-dive reviews, thematic analysis and targeted assurance activities across the tech stack, suppliers, and operational processes to identify systemic issues, weaknesses and emerging risks.
• Leading and performance‑managing a specialist risk team covering Operational Risk, Technology Risk and Supplier Risk—setting clear expectations, coaching for excellence, and driving a high‑performance, high‑challenge culture.

About working for us

Our focus is to ensure we're inclusive every day, building an organisation that reflects modern society and celebrates diversity in all its forms.

We want everyone to feel that they belong and can be their best, regardless of background, identity or culture.

We were one of the first major organisations to set goals on diversity in senior roles, create a menopause health package, and a dedicated Working with Cancer initiative.

And it’s why we especially welcome applications from under-represented groups.

We’re disability confident. So, if you’d like reasonable adjustments to be made to our recruitment processes, just let us know.

About working for us:

Specific to LTC Proposition

We also offer a wide-ranging benefits package, which includes:

Specific to LTC Proposition