Role Overview
Santander UK is looking for a Technology & Operations Risk Manager based out of Unity Place, Milton Keynes or Glasgow. This role will provide independent oversight and challenge across technology and cyber risk, ensuring that risks are accurately identified, assessed, and managed within appetite. It requires strong expertise in cybersecurity, IT risk, and control frameworks, as well as the ability to analyse risk data, challenge control environments, and drive improvements across Technology & Operations (T&O). The role’s focus is on ensuring that risk frameworks are robust, data‑driven, and aligned to regulatory expectations, with clear visibility of risk exposure and control effectiveness.
Responsibilities
* Providing independent oversight and challenge of Technology & Operations risk, ensuring alignment with Operational Risk Management frameworks.
* Reviewing and challenging Risk & Control Self‑Assessments (RCSA), ensuring completeness, accuracy, and robust control design.
* Ensuring quality and integrity of Risk & Control Profiles (RCPs), including risk identification, control mapping, and residual risk assessment.
* Overseeing risk data within tooling (e.g. Heracles), ensuring alignment across risks, issues, events, and risk appetite statements.
* Monitoring adherence to Risk Appetite Statements (RAS), supporting breach management, root cause analysis, and remediation tracking.
* Challenging control effectiveness, thematic reviews, and testing outcomes to identify systemic weaknesses.
* Producing and analysing risk MI and reporting, identifying emerging risks, trends, and control gaps.
* Driving continuous improvement of governance artefacts, processes, and risk engagement models across T&O.
Qualifications
Experience
* Experience in technology risk, cyber risk, or operational risk within financial services (Required).
* Experience providing independent oversight, challenge, or audit of control environments (2LoD or equivalent) (Required).
* Experience working with RCSA, risk frameworks, and control assessment methodologies (Required).
* Experience producing risk reporting and MI for governance forums (Required).
Education & Certifications
* Undergraduate degree in Cybersecurity, Information Technology, Risk, or related field (Preferred).
* Professional certifications such as CISA, CISSP, CISM, or equivalent (Preferred).
Languages
* English (Required).
Hard Skills
* Strong knowledge of cybersecurity risk, IT risk, and control frameworks (e.g. NIST, ITIL) (Required).
* Experience with risk tooling and data management (e.g. Heracles or similar platforms) (Required).
* Understanding of risk appetite frameworks, RCSA processes, and control testing methodologies (Required).
* Knowledge of technology architecture, cyber threats, and vulnerability management concepts (Required).
* Experience analysing risk data, events, and trends to identify control weaknesses (Required).
* Familiarity with regulatory expectations (FCA/PRA) and operational risk frameworks (Required).
Soft Skills
* Strong analytical thinking and problem‑solving capability (Required).
* Ability to challenge effectively and influence stakeholders across multiple levels (Required).
* Strong communication skills, translating technical risk into business impact (Required).
* High attention to detail and commitment to data accuracy and governance (Required).
* Ability to work across teams and drive collaboration in complex environments (Required).
Benefits
* Wellbeing support across physical, mental, social and financial pillars.
* Flexible work arrangements: hybrid schedule, at least 12 office days per month.
* Paid leave: 30 days plus bank holidays (31 days after 5 years of service), option to purchase up to 5 contractual days.
* Car allowance: £6,000 per year.
* Company‑funded private medical insurance.
* Death‑in‑service and income protection insurance, with options for additional life assurance and critical illness cover.
* Share plan participation.
* Employee product discounts with no fees.
Salary
* £64,000.00 – £96,000.00 per annum (depending on experience).
We are committed to creating an inclusive recruitment experience, providing equality of opportunity regardless of age, gender, disability, civil status, race, religion or sexual orientation.
J-18808-Ljbffr