Technology, Resilience and Security Risk Manager

TrinityBridge Limited

United Kingdom

On-site

GBP 60,000 - 80,000

Full time

30+ days ago

Job summary

A financial services firm in the UK is seeking a Technology, Resilience and Security Risk Manager. This role involves analyzing and developing IT governance, ensuring alignment with regulations, and providing updates to senior management. The ideal candidate will have experience in risk management, a solid understanding of cyber security, and strong communication skills. The position offers full-time employment with a mid-senior level of responsibility.

Qualifications

  • Experience in working in risk management roles with sole responsibility for risk areas.
  • Fundamental understanding of Cyber/Information Security.
  • Excellent writing comprehension and ability.

Responsibilities

  • Analyze existing Technology, Security and Resilience Governance.
  • Report on risk items across governance forums.
  • Provide regular updates to the C-suite on governance, risk, and compliance.

Skills

Risk management
Cyber/Information Security
Communication Skills
Data analysis
Collaboration

Education

Certifications like CISM or business analysis

Tools

Microsoft tools
AI tools

Job description

Technology, Resilience and Security Risk Manager

Overall Summary

This role will focus on analysing, developing and maturing TrinityBridge’s IT Governance and alignment with industry-standard frameworks, ensuring our ability to resiliently safeguard our clients, our people, and their assets.

The role contributes to the ongoing development and evolution of the enterprise-wide technology, resilience, and security governance strategy, ensuring alignment with business objectives and regulatory requirements.

This colleague will be responsible for providing regular updates and recommendations to the C-suite on governance, risk, and compliance matters as required.

Responsibilities
  • Governance:
    • Analysing existing TrinityBridge Technology, Security and Resilience (TRS) Governance to identify and close gaps and improvement opportunities.
    • Ownership of the governance lifecycle of TrinityBridge’s policy and standards relating to TRS.
    • Ownership of monthly risk reporting and KRIs/KPIs across TRS.
    • Ownership of Risk and Control Registers across TRS.
    • Reporting on risk items across all avenues in a timely and appropriate manner across governance forums, ensuring affected stakeholders are informed.
    • Developing and maintaining TRS risk appetite statements, MI, KPIs and KRIs in conjunction with the Operational Risk team, to ensure TrinityBridge report with clarity on operation within the agreed tolerance.
    • Produce full gap analysis reports on areas of improvement and risk, to support risk and cost reduction and strategy delivery, recommending thorough mitigation plans including justification for options considered.
    • Own, chair and shape the future of the Cyber and Resilience Risk committee (CRC) and sub-CRC (monthly forums presenting the TRS risk position, risk acceptances, approvals and actions to the CISO and COO and TRS leadership team).
    • Independent review of problem management, incident management and KRIs to provide proposals and recommendations on continuous improvement and optimal performance of the enterprise function.
    • Ownership of TRS risk assessment of third and fourth parties through the established third party management team.
    • Monitor emerging regulatory requirements and ensure governance frameworks are updated accordingly.
    • Define, review, and evolve key metrics (MI, KPIs, KRIs) to ensure they remain relevant and actionable.
  • Programme delivery:
    • Working closely with the TRS leadership team to assure weekly project status reports, ensuring accuracy of TRS’ business change governance across the enterprise.
    • Responsible for appropriate application of all business and technology change from a cyber and information security perspective.
    • Ensuring TRS Governance is adhered to throughout business as usual (BAU) operation and business change, utilising the mature operational processes already in place.
    • Act as an interface between business change and TRS leadership where deviations to process and risk acceptances may be necessary.
  • Communication, Reporting & Culture:
    • Responsible for TrinityBridge’s strong cyber and information security culture, acting as the ‘de‑facto’ expert on cyber and information security for the business.
    • Independently able to produce comprehensive write‑ups of current risks and threats as they develop, producing expedient updates as situations change and span different threat vectors.
    • Proactively report upwards on emerging cyber and data risks and threats, providing a view through a business lens on potential impacts.
    • Responsible for monthly robust, traceable and risk‑led MI on cyber and information security performance against governance frameworks and risk appetite.
  • People:
    • Operate with respect, diversity and inclusion principles as a key tenet of your role.
    • Develop a culture of continuous improvement and appraisal as a foundation for excellent organisational performance, including operating within the firm’s people policies and processes.
    • Build and develop relationships with organisation‑wide peers.
  • Regulatory Responsibilities | Compliance/T&C:
    • Ability to demonstrate an understanding of the regulatory framework relevant to the role, whilst practising effective risk management taking account of outcomes for clients.
    • Understand, follow and demonstrate compliance with all relevant internal and external rules, regulations and procedures that apply to the conduct of the business. Follow principles and rules of the Financial Conduct Authority (FCA) and the internal requirements set out in the Compliance Manual, local and Group Compliance and Risk policies.

We would love to hear from you if you bring the following:
  • Experience in working in risk management roles with sole responsibility for risk areas.
  • Whilst being hands‑on technical is not required, a fundamental understanding of Cyber/Information Security, resilience and technical risk is required.
  • Pragmatic and able to work collaboratively to find solutions.
  • Excellent writing comprehension and ability, with a drive to improve existing documents and processes.
  • Excellent verbal communication skills, operating with empathy and psychological safety.
  • Able to clearly articulate how stakeholders comply with requirements/expectations set by regulators, auditors, organisational risk appetite, senior management and the board.
  • Experience in gathering, analysing and structuring data using Microsoft and AI tools.
  • Experience in the development and production of dashboards and reports, including MI, KPIs and KRIs.
  • Ability to work independently within a defined remit, managing schedule and multiple objectives.
  • Ability to collaborate effectively with colleagues at all organisational levels.
  • Desirable:
    • Working as a cyber security and technology risk manager at a financial services organization
    • Possess a working understanding of industry standard frameworks and concepts such as ISO27001, SOC Type I & II, ITIL, COBIT, Agile, NIST, CMMI
    • CISM or business analysis certification or qualification

At TrinityBridge we look to recruit individuals from all different backgrounds and encourage you to apply even if you don’t tick every box. We celebrate diversity, promote inclusivity and are open to discuss flexible work options to help you balance your work and home life.

We appreciate that from time to time, recruitment agencies will have speculative CVs that they may wish to submit to our Talent Acquisition team in relation to a specific role. To avoid any ambiguity around fees, please note that speculative CVs received by TrinityBridge, that have not been authorised in advance, by us, will be ineligible for an agency fee. Thank you.

Seniority level: Mid-Senior level

Employment type: Full-time

Job function: Information Technology
