
Job Overview:
Lead the internal technical risk assurance function for banking/finance/hedge fund businesses, ensuring risk exposure is identified, measured, monitored, and remediated across applications, infrastructure, and services. Align all activities to the Cyber Strategy and directives from the Group CISO, and provide decision-ready narratives to the Technology Risk Forum (TRF).
Own end-to-end assurance across policy/standards, control design and operating effectiveness, KRI/KPI governance, RCSA execution, audit/regulator engagement, and executive reporting. Manage local regional expertise and stakeholder communication to enable consistent risk reduction and operational resilience across the region.
Key Responsibilities:
· Metrics & Risk Appetite Governance: Define, maintain, and continuously improve internal KRIs/KPIs mapped to risk appetite; run monthly Metrics Quality Assurance (MQA) checks (accuracy, timeliness, completeness, reconciliation).
· Risk & Control Self-Assessment (RCSA): Lead annual RCSA across applications/platforms; calibrate inherent/residual risk; document treatment plans and risk acceptances; ensure closure to target dates.
· Assurance Execution: Plan and deliver control testing (design and operating effectiveness) across identity, access, change, patching, vulnerability remediation, data protection, incident response, resilience/backup/restore, and third-party touchpoints within internal scope.
· Regulatory & Framework Mapping: Maintain a single control library mapped to ISO/IEC 27001:2022, NIST CSF 2.0, ISO 31000, COBIT, GDPR, DORA (EU), EU AI Act, SOX 404 (where applicable), and PCI DSS v4.0 for payments; ensure evidence quality and audit readiness.
· Issue Management & Remediation: Drive RCA for failing metrics and control gaps; implement the Metric Rewrite Protocol where definitions are unfit; track remediation to closure with owners and SLAs.
· Technology Risk Forum Inputs: Provide quarterly TRF packs—regional posture, KRI/KPI trends, material events, themed risks, remediation progress, and clear asks (policy decisions, funding, prioritization).
· Stakeholder Management & Communication: Coordinate with application owners, platform/cloud teams, SOC, IT Ops, Data Protection, Finance, Legal/Compliance, Internal Audit; communicate complex themes in clear, persuasive executive narratives.
· Automation & Reporting: Partner with GRC and BI teams to implement automated dashboards and evidence repositories; maintain data lineage and owner accountability.
· Regional Enablement: Build and mentor local/regional assurance practitioners; harmonise methods, thresholds, and reporting across countries within region.
· Execute delegated tasks as deemed appropriate by the Group CISO and other empowered Group Cyber leadership authorities, ensuring timely and effective completion in alignment with organizational priorities.
· Support the Group Cyber Strategy end-to-end, driving alignment of all activities, decisions, and deliverables with strategic objectives and business outcomes.
Candidate Profile
· 7-8 years in cyber risk assurance, internal audit, or GRC within financial services.
· Demonstrated experience leading RCSA/control testing and turning failing metrics green via structured remediation.
· Deep familiarity with ISO/IEC 27001:2022, NIST CSF 2.0, ISO 31000, COBIT 2019, GDPR, DORA (EU), EU AI Act, SOX 404 (as applicable), and PCI DSS v4.0/v4.0.1.
· Exceptional communication, presentation, articulation, and stakeholder influence skills; strong executive-level storytelling.
Job ID: 148084021