Director – IT Technology Risk and Controls Management

Role Purpose

Drive a positive and responsible approach to risk management in an environment of increasing regulatory and audit attention, and embed a culture of risk management across technology
Influence the group's approach to managing risk, aligning with group risk, audit, regulators and other stakeholders
Drive divisional teams to ensure timely planning for adequate resources and priority to meet demand for risk data and process
Ensure divisional leaders are managing top risks responsibly and build transparency around remediation plans into the change portfolio
Work to channel second line demand and provide robust challenge to approach and sequencing to ensure value
Support regulatory office in delivering required data and constructive challenge to regulators, assisting in management of the relationship and ensuring the technology organisation avoids negative regulatory attention
Quality assure regulatory and audit responses

Key relationships & committees

Other Technology COO functions including strategy, business performance and programme governance
Technology Leadership Team (Divisional CIO's)
Technology Divisional business management teams and risk officers
Regulatory office
Cybersecurity
Internal Audit
Group Risk

Key responsibilities

This role enables timely and effective management of risk in technology, while aligning the governance model to support the firm's strategic goals
Foster a strong risk culture with proactive and collaborative value add approach rather than compliance driven
Operationalise Risk Management into existing Technology processes including strategic planning & project management
Ensure risk appetite and links to technology objectives influence target operating model and investment priorities
Feed audit and regulatory requirements feed into risk appetite and link to technology objectives, influencing target operating model and investment priorities
Build clear effectiveness metrics embedded into existing reporting mechanisms, tailored to audiences and rolled up in a way that is traceable through leadership teams, Exec Risk Committees, to the board etc.
Build a broad, active community of risk champions and stakeholders to improve the risk management and control culture across the technology organisation
Build expertise in the management of IT controls to provide added value across technology
Deliver risk and control data analytics dashboards to facilitate data driven decisions by senior leaders
Use modern data analytics to enhance strategic intelligence / risk assessments

Skills required

Previous IT Audit, 2nd line Technology Risk or 1st line technology risk assurance expertise in financial services
Industry / leading practice knowledge to provide guidance to support Divisional Technology teams and influence practices in DevSecOps, agile, tooling, architecture, disaster recovery, operational resilience, IT asset management, incident and problem management, IT third party risk management, program/project management, infrastructure practices
Review / challenge risk & control assessments and control testing performed by the Divisional risk representatives and provide training as required
Perform validation testing on actions
Ability to write and distinguish between risks, controls, process, issues and actions
Help to facilitate updates/refreshes of the Group Risk Taxonomy and Risk Appetite with the Divisional Technology Risk Officers
Ad hoc projects and initiatives
GRC tool design requirements and testing
Thematic analysis of risk exposure

Leadership responsibilities

May include direct line management and matrix management of FTE and contract resources in order to build out control processes and tooling
More emphasis is on influencing existing teams in other divisions to enhance their risk management culture and drive the availability of meaningful metrics and data.

Critical deliverables

Work with divisional CIO's and their risk teams to move the risk culture of 1st line to be stronger, proactive and with increased capacity to provide timely and quality input to 2nd and 3rd line, getting on the front foot with implementing controls
Channel demand from 2nd and 3rd line through Technology COO office, triaging requests and challenging on scope, timing and sequencing where it makes sense
Drive remediation of key risks and audit observations through making transparent and clear the relationship between risk mitigation and the investment portfolio / operational excellence activities
Oversee assurance activities to ensure appropriate and periodic risk management activities are completed to a level of rigour that supports responsible risk taking by Technology
Investigate and sponsor the adoption of appropriate risk tracking / management tooling and ensure the reuse of data generated by this tooling to support key decision processes such as annual demand management / capital allocation
Ensure high priority regulatory / audit observations receive adequate management response and that proposed mitigations are tracked through to completion with traceable and demonstrable outcomes

Impact
By strengthening risk management capabilities in Technology, the role holder is directly contributing to the improved management of risk and therefore avoidance of negative events with revenue or reputational impacts.
The role holder will have the opportunity to drive a complex agenda of change activities that contribute to the material success of the organisation by reducing operational risks and ensuring that the business can make investment and mitigation decisions with appropriate data and rigour.

At LSEG, we believe that creating a diverse and inclusive organisation is fundamental to the way we deliver on our promise of creating essential partnerships and open opportunities. Our open culture is central to how we deliver our purpose - driving financial stability, empowering economies and enabling customers to create sustainable growth - in everything we do.

Working with us means that you will be part of a dynamic organisation of 25,000 people across 70 countries. However, we will value your individuality and enable you to bring your true self to work so you can help enrich our diverse workforce. You will be part of a collaborative and creative culture where we encourage new ideas and are committed to sustainability across our global business. You will experience the critical role we have in helping to re-engineer the financial ecosystem to support and drive sustainable economic growth. Together, we are aiming to achieve this growth by accelerating the just transition to net zero, enabling growth of the green economy and creating inclusive economic opportunity.

LSEG offers a range of tailored benefits and support, including healthcare, retirement planning, paid volunteering days and wellbeing initiatives.

We are proud to be an equal opportunities employer. This means that we do not discriminate on the basis of anyone's race, religion, colour, national origin, gender, sexual orientation, gender identity, gender expression, age, marital status, veteran status, pregnancy or disability, or any other basis protected under applicable law. Conforming with applicable law, we can reasonably accommodate applicants' and employees' religious practices and beliefs, as well as any mental health or physical disability needs.

Please take a moment to read this privacy notice carefully, as it describes what personal information London Stock Exchange Group (LSEG) (we) may hold about you, what it's used for, and how it's obtained, your rights and how to contact us as a data subject.

If you are submitting as a Recruitment Agency Partner, it is essential and your responsibility to ensure that candidates applying to LSEG are aware of this privacy notice.