Director, Technology, Cyber & Resilience Risk

Role Purpose

Leads the Technology Risk & Operational Resilience capability across DSM, FX, and Risk Intelligence, accountable for the first-line risk and control environment, ensuring it operates within defined risk appetite and meets regulatory expectations. Drives risk-informed engineering delivery, embedding robust controls, resilience practices, and data-led assurance across platforms. Reports to Head of Business Management, Markets & Risk Intelligence Engineering.

Core Accountabilities

1. Risk & Control Ownership

• Own the first-line technology risk profile, ensuring alignment to divisional risk appetite.
• Own the technology control framework and library (applications, infrastructure, cloud, cyber).
• Define control standards, testing approaches, and assurance mechanisms.
• Drive remediation of control gaps, including systemic risk issues.

2. Operational Resilience

• Own first-line implementation of operational resilience frameworks, including:
  • Important business services (IBS)
  • Impact tolerances
  • Scenario testing and resilience validation
• Ensure resilience is embedded into architecture, engineering and change processes.
• Partner with 2LOD to ensure alignment with regulatory expectations (e.g. DORA, UK OpRes).

3. Risk Governance & Decisioning

• Lead 1LoD technology risk governance forums).
• Provide independent first-line challenge to engineering, architecture, and product teams.
• Escalate and drive resolution of material risk decisions and breaches (i.e. major incidents, material audit findings)
• Provide clear, data-driven risk and impact assessments to product owners in business-led risk forums/committees.

4. Regulatory, Audit & External Engagement

• Own first-line response to audit and regulatory reviews, including:
  • Issue ownership and remediation tracking.
  • Evidence provision and assurance quality
• Provide technology risk insight to executive committees and Boards.
• Monitor external regulatory developments and emerging risks to drive required changes.

5. Third Party & Cloud Risk

• Own oversight of technology third-party risk, including:
  • Critical suppliers and intra-group dependencies (i.e. IRQ, DDQ validation and remediation of gaps)
  • Control effectiveness, TPRM lifecycle and exit risks.
• Ensure alignment of cloud risk controls with enterprise standards.
• Partner with Infrastructure & Cyber (BSL) with clear accountability boundaries for technology services to supported entities.

6. Risk Data, MI & Reporting

• Own risk reporting and insight across DSM, FX, and RI.
• Define and govern KRIs, KPIs and control effectiveness metrics (KCIs).
• Ensure availability of accurate, decision-ready risk data.
• Drive adoption of data-led risk management across engineering teams.

7. Leadership & Operating Model

• Lead and develop a high-performing technology risk team.
• Define clear roles, responsibilities, and RACI across first and second lines.
• Build risk capability across engineering, not just within the function.
• Act as a senior leader influencing culture, behaviours, and delivery outcomes.

Required Experience

• Senior leadership in technology risk within regulated financial services.
• Ownership of control frameworks aligned to recognised standards (NIST, ISO, COBIT).
• Strong track record in risk governance and remediation of systemic issues.
• Operational resilience and incident management expertise.
• Experience engaging with regulators and executive stakeholders.
• Cloud and third-party risk oversight.

Qualifications & Certifications (preferred)

• CRISC, CISM, CISSP, ISO 27001 Lead Auditor/Implementer, ITIL Expert.
• Degree in Computer Science/Engineering or equivalent experience.

Skills & Attributes

• Combines deep risk expertise with engineering credibility.
• Strong decision-making and challenge capability, not just advisory.
• Highly effective in executive communication and regulatory engagement.
• Drives delivery discipline through measurable outcomes.
• Builds alignment across complex stakeholder landscapes.

Career Stage:

London Stock Exchange Group (LSEG) Information:

Join us and be part of a team that values innovation, quality, and continuous improvement. If you're ready to take your career to the next level and make a significant impact, we'd love to hear from you.

LSEG is a leading global financial markets infrastructure and data provider. Our purpose is driving financial stability, empowering economies and enabling customers to create sustainable growth.

Our purpose is the foundation on which our culture is built. Our values of Integrity, Partnership, Excellence and Change underpin our purpose and set the standard for everything we do, every day. They go to the heart of who we are and guide our decision making and everyday actions.

Working with us means that you will be part of a dynamic organisation of 25,000 people across 65 countries. However, we will value your individuality and enable you to bring your true self to work so you can help enrich our diverse workforce.

We are proud to be an equal opportunities employer. This means that we do not discriminate on the basis of anyone’s race, religion, colour, national origin, gender, sexual orientation, gender identity, gender expression, age, marital status, veteran status, pregnancy or disability, or any other basis protected under applicable law. Conforming with applicable law, we can reasonably accommodate applicants' and employees' religious practices and beliefs, as well as mental health or physical disability needs.

You will be part of a collaborative and creative culture where we encourage new ideas. We are committed to sustainability across our global business and we are proud to partner with our customers to help them meet their sustainability objectives. Our charity, the LSEG Foundation provides charitable grants to community groups that help people access economic opportunities and build a secure future with financial independence. Colleagues can get involved through fundraising and volunteering.

LSEG offers a range of tailored benefits and support, including healthcare, retirement planning, paid volunteering days and wellbeing initiatives.

Please take a moment to read this privacy notice carefully, as it describes what personal information London Stock Exchange Group (LSEG) (we) may hold about you, what it’s used for, and how it’s obtained, your rights and how to contact us as a data subject.

If you are submitting as a Recruitment Agency Partner, it is essential and your responsibility to ensure that candidates applying to LSEG are aware of this privacy notice.