Risk Partner IT & Product

Hi, we’re PEXA!

We know you’ll Google us before applying, so let’s keep this brief. PEXA revolutionised the way that property is settled in Australia, turning a paper-based process into a digital one. Our solution is a world-first, with over 500 people across Australia and an expanding international team, we’re helping 20,000+ families into their homes each week.

We’re passionate about solving problems for our customers – always striving to set the standard for how property is bought and sold. Being awarded as one of the best places to work in Australia is a recognition of our culture and commitment to innovation, customers and our community.

We’re growing fast, that is where you come in.

We believe our success in Australia is worth sharing and that our proven technology will advance how the UK buys and sells homes.

Establishing ourselves within the UK in late 2020, we are committed to collaborating with lawyers, conveyancers, lenders, government and the property industry, to set the new standard for both remortgages and buying and selling property.

We are seeking a commercially minded, second line Risk Partner to join the UK group risk function where technology risk management plays a critical role in safeguarding the group. This is a hands-on role with responsibility for advice, overseeing regulatory change and monitoring and embedding a strong risk & compliance culture across these functional lines.

This role will work in close partnership with senior leadership teams across Product, IT, Cyber, Information Security and Operational Resilience with the IT and Product functions. You will provide independent advice, oversight, monitoring and constructive challenge to these functions on their management of technology and cyber security risks. The role acts as a specialist advisor to ensure risk remain with UK defined risk appetite. The role holder will be expected to take end to end ownership across risk advisory & guidance, risk oversight and support with regulatory returns (including REP0018 submission on IT Security & Operational Risk).

• Second Line Oversight: Provide oversight, review and challenge of the cyber risk profile and cyber control environment. Highlight control gaps and collaborate with control owners on remediation plans
• Review & assess changes to technology platform and products that impact UK group risks & risk profile
• Contribute towards the development and enhancement of technology risk framework and ensure alignment with evolving regulatory expectations
• Business Partnering & Advisory
• Be the subject matter expert to IT and Product functional leaders, providing guidance on risk identification, controls improvements and risk mitigation for new product features, projects, contracts or business change
• Proactive risk engagement and early intervention by engaging early during solution design, procurement etc for IT and product changes to assess risks
• Risk Framework Embedding:
• Drive the adoption of the UK Risk Framework, ensuring processes align with standards
• Risk & Control Self Assessments (RCSAs)
• Reporting & Governance
• Controls, Compliance & Regulation
• Incident & Issue Management:
• Support the resolution of risk events, perform root cause analysis and ensure learnings are translated into actionable improvements
• Monitoring & Assurance:
• Track Key Risk Indicators (KRIs) to identify emerging trends
• Conduct in depth reviews of the Product, IT & Cyber function, their adoption & implementation of technology and reporting to risk matters to oversight committees
• Perform risk based deep dives to identify and understand product, technology and cyber security related risk drivers and work in partnership with the first line function to identify key programmes/tasks to address these. This is expected across core technology risk domains of resilience and continuity, cloud and third party, data governance and protection, generative AI and broader AI adoption, technology delivery and change
• Design, recommend and complete assurance programmes and controls testing, feeding results into risk assessments and reporting

• Prior experience in technology risk management and compliance within regulated environment
• Strong understanding of technology, cyber risk, resilience, IT controls & governance frameworks
• Familiarity with frameworks and standards such as SOC 2 and ISO 27001
• At least 5 years’ experience within risk management with an EMI, payments or fintech
• Deep understanding of risk management principles (eg ISO 31000, COSO)
• Strong working knowledge of FCA regulation for EMIs and UK regulatory landscape, including ICO
• Practical, commercial approach to risk management
• Ability to manage complex analysis, interpret regulatory standards and provide high quality oversight
• Demonstrable ability to integrate risk management and control frameworks with sharp commercial insight, enabling responsible and scalable business growth
• Excellent analytical & problem-solving skills, with a track record of driving root cause analysis and effective solutions
• Excellent written and verbal communication skills with the ability to influence and challenge constructively
• Strong organisational skills & experience working in a fast paced, dynamic environment with tight deadlines
• Strong analysis skills to translate complex risk issues into actionable business insights
• Professional qualification in Risk Management desirable

£90,000 - £100,000 a year

+ Bonus + Benefits

Great question! Being a PEXArian is so much more than just a job. We’re a passionate, motivated and unashamedly enthusiastic bunch at PEXA – we love what we do and we’re proud to admit it! Creating brilliant experiences for our members and their clients wouldn’t be possible without ensuring we deliver an exceptional employee experience.

Here’s a snapshot of what your life at PEXA could look like:

Your growth:

We encourage you to hit your personal and professional learning and development goals with our tailored programs and tools.

Your wellness:

We care about your holistic wellbeing

Your work/life blend:

We know that work is just one aspect of your life – we want to help you create your ideal work/life blend, rather than squeezing in life around work.

Sounds like you?

We at PEXA are ready so if this role sounds like you apply today.

To be conducted as part of post offer employment checks: The personal information we have collected from you will be shared with Cifas who will use it to prevent fraud, other unlawful or dishonest conduct, malpractice, and other seriously improper conduct. If any of these are detected, you could be refused certain services or employment. Your personal information will also be used to verify your identity. Further details of how your information will be used by us and Cifas, and your data protection rights, can be found in our privacy notice.

GDPR Compliance: Digital Completion UK Limited (trading name “PEXA”) and related entities are owned by DigCom UK Holdings Limited. When we process your applicant personal data for recruitment purposes, we do so as a controller. If as part of the recruitment process we share your personal data with another company within the PEXA Group, that company may process your personal data as either an independent controller or, in certain circumstances, a joint controller. By applying for this role, you consent to us processing your personal data in accordance with the UK GDPR and the Data Protection Act 2018. Further information can be found in our privacy notice.

#PEXAUK