Crown Agents Bank is a rapidly growing, regulated UK bank that connects emerging and frontier markets to the rest of the world, using FX and payments technology. We are transforming the way payments and FX move through emerging markets, reducing friction so that more money gets to those who need it. Emerging markets payments are usually challenging, expensive, unreliable and opaque. Our solutions help fix these pain points. Ultimately, we connect traditionally hard-to-reach regions to global financial infrastructure, giving access to the best prices and the fastest, most reliable settlement.
FX and cross-border payments are often complex and expensive, especially when operating in emerging markets. Crown Agents Bank (CAB) wraps its deep and trusted relationships and strength of network around innovative digital capabilities and cross-border transaction banking solutions to enable fintechs, corporates, governments, development organisations and banks to move money to, from, and across often hard-to-reach markets.
Job Description
This contract position is to provide 2LoD oversight, advice, challenge and independent assurance to Crown Agents Bank (and its subsidiaries / branches (as required)), in relation to Cyber, Technology Risk and Information Security specifically relating to the 2026 Technology Transformation Programme.
Role Responsibilities include:
- Provide robust and independent 2LoD oversight to technology transformation projects with a particular focus on technical build against the proposed target operating model, migration to a new system and risks associated with dual running of a strategic banking system. Consideration should also be given to the introduction of any additional manual processes / controls.
- Be responsible for providing independent oversight of the proposed target operating model (ToM), to understand new / existing dependencies and reliance on material 3rd party providers, assessing downstream (upstream) impacts to the wider Group.
- Understanding the details associated with the design phase including but not limited to system architecture and infrastructure. Ensure compliance with relevant PRA, FCA, BNB, FRSA regulations to cover the jurisdictions the Group operates in. There is a requirement for the role holder to also have an in-depth knowledge of various technology and information security frameworks to be able to understand and assess the intricate details of the proposed ToM.
- Experience of working closely with transformation / project teams in an oversight role to deliver the ToM but also to assess the impact of system migration (and governance), dual running, amends to existing processes / procedures etc.
- Understanding of AI and how this could support the delivery of the ToM but also ensure adherence to various regulatory requirements including UK and EU GDPR and other applicable Data Protection Laws.
- Provide sufficient oversight and assurance over documentation of processes, risks and controls as part of the New Product and Significant Change Process.
- Provide robust oversight and challenge to RCSAs within technology and information security including cyber.
- Preparing risk committee and board papers, as required, including robust management of known audit and control weaknesses.
- Developing, managing and providing oversight of applicable regulatory requirements around Cyber and Technology Risk Management across the Group.
- Support the embedding of an effective risk culture, encourage risk awareness across the Group and its activities.
- Provide specialist input in strategic planning, providing evaluation of risk and solutions in order to drive continuous improvement.
- Ensuring there are controls in place for identifying and managing IT/Information Security breaches and where necessary provide support with any incidents or breaches. Key stakeholder in P1 and P2 incident bridge calls, ensuring root cause analyses are completed and the control environment is reviewed and enhanced to acceptable levels.
- 10 years’ financial services risk management experience, with an understanding of operational risk management in regulated financial services firms. This should include detailed knowledge of Cyber Risk including IT Security, Data Security and Technology Risks.
- Deeper understanding of technology transformation projects with a particular focus on technical builds.
- Possesses an excellent understanding of the current IT environment affecting financial services.
- Understanding of recognised risk management standards (NIST, ISO27001, COSO, COBIT).
- Ability to challenge constructively and influence others.
- Initial 3 month day-rate contract, inside IR35.
- Hybrid working
Crown Agents Bank London, England Office
3 London Bridge Street, London, United Kingdom, SE1 9SG


