Head, Technology Risk International, Group Cyber & Technology Risk, Group Risk

Job Responsibilities:

Provide centralized second‑line technology risk governance, oversight, and independent advisory for international countries and entities without dedicated Technology Risk Heads or CISOs. The role ensures consistent adoption of Group Technology Risk frameworks while supporting local IT teams in understanding and addressing jurisdiction‑specific regulatory requirements. This position supports the Group's risk objectives by strengthening technology risk governance, visibility, and escalation across international operations.

Technology Risk Governance & Oversight

• Manage and support associated technology risk metrics, including enterprise technology risk dashboards and reporting, across international countries and entities without dedicated Technology Risk or CISO functions.
• Oversee adoption and ongoing adherence to the Group Technology Risk Management Framework across international entities.
• Provide independent second‑line challenge on technology risk identification, assessment, monitoring, and reporting.
• Maintain group‑level visibility via enterprise technology risk dashboards and management reporting.

Risk Assessment and Monitoring

• Conduct and facilitate risk assessments, including identification and assessment of IT risks, evaluation of countermeasures, and recommendation of effective controls, for international entities in collaboration with local management and risk owners.
• Conduct and facilitate independent risk assessments for international entities with regards to technology, in collaboration with local management and risk owners.
• Monitor technology risk exposures and remediation progress against agreed risk tolerance.

Regulatory Compliance and Assurance

• Assist local management in compliance with internal technology risk policies, procedures, and applicable regulatory requirements across international entities, including those without local technology risk governance functions.
• Provide second‑line oversight and assurance over compliance with Group policies and applicable local regulatory requirements related to technology risk.
• Support regulatory reviews and supervisory engagements relating to technology risk matters for international entities.

Advisory and Risk Enablement

• Provide advisory guidance and recommendations on technology risks to international entities lacking dedicated Technology Risk or CISO capabilities, particularly in the areas of resiliency, control design, and risk treatment
• Provide independent advisory on technology risks for new initiatives, digital services, and significant technology changes in international entities.
• Participate in local management or risk governance meetings to present and discuss technology risk updates, emerging issues, and escalation items.

Technology Risk Culture and Capability

• Promote a technology risk-aware culture across international entities by collaborating with relevant stakeholders to enhance awareness, accountability, and understanding of technology-related risks.
• Promote technology risk awareness and accountability across international entities.
• Partner with local management and relevant functions to support targeted training and awareness initiatives.

Job Requirements:

• Bachelor's degree in IT, or Computing and/or other relevant domains.
• Experienced in IT with hands-on technical exposure, including experience in technology risk management, IT risk management, or IT audit within the financial services industry.
• Relevant professional certifications in technology risk, information security, or audit will be an advantage.
• Proven experience supporting or engaging multiple jurisdictions with different regulatory regimes. Prior exposure to second‑line risk oversight roles is strongly preferred.
• Sound understanding of technology risk governance, control frameworks, and regulatory expectations within financial institutions.
• Ability to apply independent judgment and provide effective second‑line challenge in line with approved frameworks.
• Ability to engage and work with stakeholders across geographies to support technology risk oversight and escalation.
• Clear, concise written and verbal communication suitable for updates, papers, and discussions with senior management and regulators.
• Ability to operate independently as a senior individual contributor within a matrixed and geographically dispersed environment.
• Makes day-to-day decisions related to risk assessments related to technology, advisory opinions, and governance reporting for international entities within approved Group frameworks.
• Provides recommendations to senior management on technology risk matters, which are generally accepted