Overview
Risk Manager – Technology Security & Resilience | Quilter, Southampton, United Kingdom
Quilter plc is a leading wealth management business focused on enabling brighter financial futures for every generation. The role involves working with Risk and Compliance colleagues to assess and influence key technology, security and resilience risk decisions and to enhance the risk culture across the organisation.
Responsibilities
* Framework and Policies
o Support the Head of Risk Technology, Security & Resilience with quantification and validation of technology, security and resilience risks.
o Assist with the development and rollout of Quilter-wide risk policies, including oversight of annual refresh and compliance assessments by the first line in relation to technology, security and resilience risk; review effectiveness annually and input into policy updates in line with good practice and regulatory requirements.
o Input into and oversee development of technology, security and resilience risk scenarios; work with 1st line stakeholders to ensure appropriate input to scenario workshops.
o Provide guidance to 1st line regarding risk framework, policies and procedures; support policy owners in applying the Quilter Group Policy Framework.
o Oversee exemptions and waivers process for IT, Information Security (IS) and Resilience policy areas; escalate concerns to policy specialists as needed.
o Contribute to second line assessment and sign-off of the Letter of Representation (LoR) for technology, security and resilience risk.
* Oversight and Challenge
o Provide oversight to ensure risk is managed within appetite; support risk oversight through thematic or deep-dive reviews; identify and mitigate key risks with stakeholders.
o Oversee 1st line risk assessments of technology, resilience and security initiatives; challenge technical design and effectiveness of key controls where required.
o Stay up to date with regulatory changes (e.g., FCA/PRA Operational Resilience, DORA) and develop/enhance risk, control and performance indicators for technology, security and resilience risk exposures.
o Support strategic business development and change management to address risk exposures and drive the risk agenda in line with strategic goals.
o Assist Risk Monitoring & Oversight with detailed analysis of material risk events and ensure mitigating actions are taken.
o Oversee Risk and Control Self Assessments (RCSA) completed by Management for key risk areas; act as SME for queries.
* Communication & Stakeholder Engagement
o Communicate risk purpose and strategy to stakeholders across technology, security and resilience areas.
o Collaborate with the GRC team within Technology to design and implement the Risk Framework and oversee risk management activities.
o Foster a risk-aware culture across the technology, security and resilience community; act as the 2nd line point of contact for risk expertise.
* Risk Reporting
o Contribute to governance forums and senior management on technology, security and resilience risk.
o Promote continuous improvement of risk reporting content; support businesses in developing technology, security and resilience Risk MI.
o Oversee external risk reporting (group, regulators, rating agencies) and support the Group CRO with content quality and messaging for risk reports and ad hoc presentations.
About You
* Experience in a technology, security and/or resilience role, preferably within UK financial services.
* IT risk management, IT audit or security certification (e.g., CRISC, CISA, CISSP) is desirable but not essential.
* Ability to discuss and challenge technology topics with SMEs and convey technical concepts to senior management.
* Commercial mindset with robust ability to challenge thinking and deliver competitive advantage.
* Knowledge of best-practice frameworks (e.g., NIST, CIS, ISO27001, ISO22301) is advantageous.
* Proven influencing skills at senior levels with strong communication and relationship-building abilities.
Inclusion & Benefits
We value diversity and promote inclusivity. We offer equal opportunities and welcome candidates based on skills and potential.
* Do the right thing: integrity and client service excellence
* Always curious: continuous learning and improvement
* Embrace challenge: high ambition and meaningful outcomes
* Stronger together: collaboration, open communication, and empowerment
* Core Benefits
* Holiday: 182 hours (26 days)
* Pension: non-contributory company pension with optional personal contributions
* Private Medical Insurance: single cover with options to extend
* Life Assurance: 4x salary
* Income Protection: 75% of salary after 26 weeks
* Healthcare Cash Plan: available (UK employees)
Seniority level
Mid-Senior level
Employment type
Full-time
Job function
Finance and Sales