Director – Technology Risk and Controls Management

Role Purpose

Drive a positive and responsible approach to risk management in an environment of increasing regulatory and audit attention, and embed a culture of risk management across technology

• Influence the group's approach to managing risk, aligning with group risk, audit, regulators and other stakeholders
• Drive divisional teams to ensure timely planning for adequate resources and priority to meet demand for risk data and process
• Ensure divisional leaders are managing top risks responsibly and build transparency around remediation plans into the change portfolio
• Work to channel second line demand and provide robust challenge to approach and sequencing to ensure value
• Support regulatory office in delivering required data and constructive challenge to regulators, assisting in management of the relationship and ensuring the technology organisation avoids negative regulatory attention
• Quality assure regulatory and audit responses

Key relationships & committees

Other Technology COO functions including strategy, business performance and programme governance

Technology Leadership Team (Divisional CIO's)

Technology Divisional business management teams and risk officers

Regulatory office

Cybersecurity

Internal Audit

Group Risk

Key responsibilities

This role enables timely and effective management of risk in technology, while aligning the governance model to support the firm's strategic goals

• Foster a strong risk culture with proactive and collaborative value add approach rather than compliance driven
• Operationalise Risk Management into existing Technology processes including strategic planning & project management
• Ensure risk appetite and links to technology objectives influence target operating model and investment priorities
• Feed audit and regulatory requirements feed into risk appetite and link to technology objectives, influencing target operating model and investment priorities
• Build clear effectiveness metrics embedded into existing reporting mechanisms, tailored to audiences and rolled up in a way that is traceable through leadership teams, Exec Risk Committees, to the board etc.

Build a broad, active community of risk champions and stakeholders to improve the risk management and control culture across the technology organisation

• Build expertise in the management of IT controls to provide added value across technology
• Deliver risk and control data analytics dashboards to facilitate data driven decisions by senior leaders
• Use modern data analytics to enhance strategic intelligence / risk assessments

Skills

• Previous IT Audit, 2nd line Technology Risk or 1st line technology risk assurance expertise in financial services
• Industry / leading practice knowledge to provide guidance to support Divisional Technology teams and influence practices in DevSecOps, agile, tooling, architecture, disaster recovery, operational resilience, IT asset management, incident and problem management, IT third party risk management, program/project management, infrastructure practices
• Review / challenge risk & control assessments and control testing performed by the Divisional risk representatives and provide training as required
• Perform validation testing on actions
• Ability to write and distinguish between risks, controls, process, issues and actions
• Help to facilitate updates/refreshes of the Group Risk Taxonomy and Risk Appetite with the Divisional Technology Risk Officers
• Ad hoc projects and initiatives
• GRC tool design requirements and testing
• Thematic analysis of risk exposure

Leadership responsibilities

May include direct line management and matrix management of FTE and contract resources in order to build out control processes and tooling

More emphasis is on influencing existing teams in other divisions to enhance their risk management culture and drive the availability of meaningful metrics and data.

Critical deliverables

Work with divisional CIO's and their risk teams to move the risk culture of 1st line to be stronger, proactive and with increased capacity to provide timely and quality input to 2nd and 3rd line, getting on the front foot with implementing controls

Channel demand from 2nd and 3rd line through Technology COO office, triaging requests and challenging on scope, timing and sequencing where it makes sense

Drive remediation of key risks and audit observations through making transparent and clear the relationship between risk mitigation and the investment portfolio / operational excellence activities

Oversee assurance activities to ensure appropriate and periodic risk management activities are completed to a level of rigour that supports responsible risk taking by Technology

Investigate and sponsor the adoption of appropriate risk tracking / management tooling and ensure the reuse of data generated by this tooling to support key decision processes such as annual demand management / capital allocation

Ensure high priority regulatory / audit observations receive adequate management response and that proposed mitigations are tracked through to completion with traceable and demonstrable outcomes

Impact

By strengthening risk management capabilities in Technology, the role holder is directly contributing to the improved management of risk and therefore avoidance of negative events with revenue or reputational impacts.

The role holder will have the opportunity to drive a complex agenda of change activities that contribute to the material success of the organisation by reducing operational risks and ensuring that the business can make investment and mitigation decisions with appropriate data and rigour.

At LSEG, we believe that creating a diverse and inclusive organisation is fundamental to the way we deliver on our promise - and our purpose. You'll be part of an organisation of over 25,000 people, spanning 70 countries. We recognise the individual perspectives each of our colleagues brings, and our diverse workforce is one of our greatest strengths. In supporting collaboration and creativity and encouraging new ideas across a diverse and inclusive workforce, we can improve how we are driving financial stability, empowering economies and enabling customers to create sustainable growth.

LSEG offers a range of tailored benefits and support from healthcare and retirement planning to paid volunteering days and wellbeing initiatives.

We are an equal opportunities employer. We do not discriminate on the basis of race, religion, colour, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. In accordance with applicable law, we make reasonable accommodations for applicants' and employees' religious practices and beliefs, as well as any mental health or physical disability needs.

Please take a moment to read this privacy notice carefully, as it describes what personal information the London Stock Exchange Group (LSEG) ("We") may hold about you, what it's used for, and how it's obtained, your rights and how to contact us as a data subject.

If you are submitting as a Recruitment Agency Partner, it is essential and your responsibility to ensure that candidates applying to LSEG are aware of this privacy notice.