Technology Risk Associate

The Role 👋

• Advance the Technology and Cyber Risk capability: The individual will provides oversight, review and challenge of the cyber risk profile and cyber control environment. Contribute towards the development/enhancement of technology risk framework and ensure alignment with evolving regulatory expectations and adoption of newer technologies and architecture patterns.


• Perform risk-based deep-dives: Perform risk based deep dives to identify and understand technology and cyber security related risk drivers and work in partnership with the First Line(s) to identify key programmes/tasks to address these. This is expected across core technology risk domains of resilience and continuity, cloud and third-party, data governance and protection, generative AI and broader AI adoption, and technology delivery and change.


• Cyber risk reporting: Ensure precise articulation of inherent and residual risks, along with comprehensive evaluation of control effectiveness. Provide oversight of issue management, Key Risk Indicators (KRIs), and adherence to policy requirements. Additionally, review KRIs and other risk telemetry to identify emerging themes, cyber risk trends, and potential control deficiencies.


• Proactive risk engagement and early intervention: Engage early during solution design, procurement, and PoC phases to assess technology and cyber risks. Continuously evolve domain focus areas to reflect changes in the threat landscape and regulatory environment(s) across operating geographies.


• Strong focus on automation: Help in building continuous assurance programmes, automate control testing, and feed results directly into established enterprise risk frameworks to support reporting and regulatory requirements.


• Stakeholder Management: Regular effective stakeholder management is key, this will include teams like Cyber security, Engineering, Product, and Internal Audit.

Experience 🧱

• 4-6 years, experience in regulated financial or fintech environments, or with technology risk focused consulting firms preferred.
• A deep understanding of IT security and technology risks principles, with specific focus of operating in a cloud-native and SaaS heavy environment is essential for this role.
• Demonstrated experience with cyber risk frameworks and a solid understanding of best practices within a well-managed cyber environment.
• Effective communication with both internal and external stakeholders.
• Experience with cloud platforms’ risk management, cloud security, and compliance, including domains of Identity and Access Management, Infrastructure and Data security, Detection and Incident Response, and Governance.

How we expect you to behave ❤️

• We embrace difference and know that when we can be ourselves at work, we are happier, more motivated and creative. We want to be able to bring our whole selves to work, have our own perspectives and know that we belong. As such, through your behaviours at work, we expect you to reflect and actively sustain a healthy engineering environment that looks like this:
• A wide range of voices heard to the benefit of all
• Teams that are clearly happy, engaged, and laugh together
• Perceivable safety to have an opinion or ask a question
• No egos - people listen to and learn from others at all levels, with strong opinions held loosely