Associate Director - Technology Risk
Aztec
Southampton, England, United Kingdom
We can consider fully or hybrid work in the UK. We re looking for a self-motivated and driven individual with a passion for technology risk management who is looking for an exciting role within Aztec s second line of defence (2LoD) Chief Risk Office. The purpose of this role is to be a technology risk SME, supporting the evolution, maintenance and delivery of Aztec s Enterprise Risk Management Framework (ERMF) to ensure that we understand and manage the risks arising from the use of technology. You will provide expertise, advice and independent challenge around the Technology risk and control environment and play a crucial role in developing the technology risk strategy to protect Aztec from potential threats while enabling business growth and innovation. This role offers the successful candidate extensive development opportunities and the opportunity to apply their knowledge at a leadership level within a financial services environment. Key responsibilities: Development and delivery of Aztec s technology risk strategy in line with the ERMF, Chief Risk Office roadmap, regulatory requirements and industry best practice, such as COBIT5 / ITIL. Ensure that key Technology related strategic risks are appropriately covered within the ERMF. Develop, monitor and challenge the effectiveness of risk appetite and Key Risk Indicators (KRIs). Work with the Chief Risk Office and Technology Leadership to establish robust risk governance for managing Technology risks. Risk Identification, Assessment and Mitigation Lead the 2LoD oversight of the Technology risk and control environment including the identification, assessment, mitigation and monitoring of key strategic risks related to cyber security, cloud infrastructure, AI, data management and wider digital transformation. Conduct independent assurance reviews where necessary to assess the design and application effectiveness of technology controls. Responsible for 2LoD oversight of the management of technology vendor risks ensuring that key technology vendors have appropriate controls in place to maintain their robustness and resilience. Oversee the technology issues management and risk acceptance processes. Lead on the review of material Technology Risk Events ensuring that actual / potential losses, fix details and root cause analysis is reported in a timely and accurate manner within risk governance. Take a lead role in the identification and evaluation of risks associated with technology regulatory change and compliance (e.g., DORA, EU Artificial Intelligence Act). Risk Reporting and Insights Timely and meaningful production of 2LoD risk reports to various levels of risk governance highlighting key Technology risks and the appropriateness of mitigation strategies. Escalate material technology risks and issues within the Chief Risk Office and to wider risk governance and recommend appropriate mitigation. Provide insightful data driven technology risk analysis to support risk-based decision-making. Provide subject matter expertise on emerging technology risks and report emerging technology risks within risk governance as part of integrated risk reporting. Risk Culture and Awareness Take a lead role in embedding a strong risk culture across Technology functions. Drive risk maturity within Technology functions and regularly assess against Aztec s Risk Maturity Model, reporting outcomes / areas of focus within risk governance. Make risk meaningful and relevant to key stakeholders through training and awareness materials and sharing of best practice in a clear easy to understand language. Take a lead role in the challenge of Aztec s technology, data, AI and cyber security strategies, and be able to articulate and assess the associated risks. Lead the 2LoD oversight on Technology related transformation initiatives including attendance at project SteerCo s to provide independent risk-based challenge and advice. Act as a subject matter expert on AI including providing effective 2LoD oversight and challenge on the implementation of Aztec s AI strategy and AI Risk Management Framework. Stakeholder Management / Line Management Build and maintain strong relationships with colleagues, business contacts and senior stakeholders and be seen as an escalation point for technology risk related queries and advice. Partner with 1LoD Technology functions to enhance resilience, mitigate technology and cyber risks, and integrate risk considerations into Technology strategy and operations. Provide thought leadership to clients and other senior stakeholders. Attend senior risk governance committees as a Chief Risk Office representative including the Information Security Forum and the Data Governance and AI Committee. As required, represent the Chief Risk Office as the technology risk SME at executive and board level risk committees. Be a 2LoD contact point for auditors, clients, and other external stakeholders. Actively manage the performance and development of direct reports ensuring a structured and motivating environment and results driven approach. Skills, knowledge, expertise: Qualifications and experience Prior experience within a financial services environment. Educated to degree level in a relevant subject and / or hold a technology or risk related professional qualification. Deep technical knowledge of technology related regulation (e.g., DORA, GDPR, EU AI Act). Experience with third-party and outsourcing risk, AI and digital transformation risks. Experience of developing and operating Technology Risk Management Frameworks such as ITIL, COBIT, NIST, ISO. Demonstrable extensive relevant experience of technology risk management in either a 1LoD or 2 LoD capacity (2LoD preferrable). Experience in scenario analysis and resilience impact assessments would be advantageous. Core skills and competencies A strong working knowledge of Microsoft products including Excel and Word, strong analytical skills and ability to provide risk intelligence analysis. Highly developed written and verbal communication skills and demonstrable experience interfacing with senior stakeholder to establish relationships and become a trusted advisor. An ability to apply technical knowledge in a practical manner and balance commercial issues and business objectives within the confines of the ERMF. Independently minded and able to challenge constructively and professionally. Result orientated, self-motivated, and capable of planning and managing own workload Ability to negotiate, influence and build consensus in a challenging environment. Advanced presentation skills including the use of Microsoft PowerPoint and ability to produce concise executive and board level risk reports. We will provide the training, both in-house for relevant technical knowledge and also professional qualifications to enhance your professional development. You will need to be quick to learn new systems and great with people, as close working relationships between our colleagues and clients is at the heart of what we do. #J-18808-Ljbffr