Technology & Operations Risk Manager | S3 | Chief Information & Resilience Office | Multiple Locations
Country: United Kingdom
IT STARTS HERE
Santander (www.santander.com) is evolving from a global, high-impact brand into a technology-driven organisation, and our people are at the heart of this journey. Together, we are driving a customer‑centric transformation that values bold thinking, innovation, and the courage to challenge what’s possible.
This is more than a strategic shift. It’s a chance for driven professionals to grow, learn, and make a real difference.
Our mission is to help more people and businesses prosper. We embrace a strong risk culture and expect all professionals to take a proactive and responsible approach toward risk management.
Santander Digital Services is the team of technology and operations at Santander. We are convinced of the importance of technology that is aligned with the requirements of the business and that our work not only brings value to users, people and communities but also fosters individual creativity. Our team of over 7,000 people in 8 countries (Spain, Portugal, Poland, UK, USA, Mexico, Chile and Brazil) develops and/or implements financial solutions across a broad spectrum of technologies, including Blockchain, Big Data and Angular, on all kinds of on‑premise and cloud‑based platforms.
THE DIFFERENCE YOU MAKE
Santander UK is looking for a Technology & Operations Risk Manager based out of Unity Place, Milton Keynes or Glasgow.
This role will provide independent oversight and challenge across technology and cyber risk, ensuring that risks are accurately identified, assessed and managed within appetite.
It is a technically focussed First Line of Defence (1LoD) role, requiring strong expertise in cybersecurity, IT risk and control frameworks, as well as the ability to analyse risk data, challenge control environments and drive improvements across Technology & Operations (T&O).
You will play a key role in ensuring that risk frameworks are not just followed, but are robust, data‑driven and aligned to regulatory expectations, with clear visibility of risk exposure and control effectiveness.
To succeed in this role, you will be responsible for:
* Providing independent oversight and challenge of Technology & Operations risk, ensuring alignment with Operational Risk Management frameworks.
* Reviewing and challenging Risk & Control Self‑Assessments (RCSA), ensuring completeness, accuracy and robust control design.
* Ensuring quality and integrity of Risk & Control Profiles (RCPs), including risk identification, control mapping and residual risk assessment.
* Overseeing risk data within tooling (e.g. Heracles), ensuring alignment across risks, issues, events and risk appetite statements.
* Monitoring adherence to Risk Appetite Statements (RAS), supporting breach management, root cause analysis and remediation tracking.
* Challenging control effectiveness, thematic reviews and testing outcomes to identify systemic weaknesses.
* Producing and analysing risk MI and reporting, identifying emerging risks, trends and control gaps.
* Driving continuous improvement of governance artefacts, processes and risk engagement models across T&O.
WHAT YOU’LL BRING
Our people are our greatest strength. Every individual contributes unique perspectives that strengthen the team and the organisation. We’re enabling teams to go beyond by valuing who they are and empowering what they bring.
The following requirements represent the knowledge, skills and abilities essential for success in this role. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Professional Experience
* Experience in technology risk, cyber risk or operational risk within financial services (Required).
* Experience providing independent oversight, challenge or audit of control environments (2LoD or equivalent) (Required).
* Experience working with RCSA, risk frameworks and control assessment methodologies (Required).
* Experience producing risk reporting and MI for governance forums (Required).
Education
* Undergraduate degree in Cybersecurity, Information Technology, Risk or a related field (Preferred).
* Professional certifications such as CISA, CISSP, CISM or equivalent (Preferred).
Languages
* English (Required).
Hard Skills
* Strong knowledge of cybersecurity risk, IT risk and control frameworks (e.g. NIST, ITIL) (Required).
* Experience with risk tooling and data management (e.g. Heracles or similar platforms) (Required).
* Understanding of risk appetite frameworks, RCSA processes and control testing methodologies (Required).
* Knowledge of technology architecture, cyber threats and vulnerability management concepts (Required).
* Experience analysing risk data, events and trends to identify control weaknesses (Required).
* Familiarity with regulatory expectations (FCA/PRA) and operational risk frameworks (Required).
Soft Skills
* Strong analytical thinking and problem‑solving capability (Required).
* Ability to challenge effectively and influence stakeholders across multiple levels (Required).
* Strong communication skills, translating technical risk into business impact (Required).
* High attention to detail and commitment to data accuracy and governance (Required).
* Ability to work across teams and drive collaboration in complex environments (Required).
WE VALUE YOUR IMPACT
* Salary Range:
£64,000.00 – £96,000.00 per annum (depending on experience)
Annual salary is based on a standard 35‑hour working week. Actual salary offered will depend on skills, experience, qualifications and location.
* 30 days’ holiday plus bank holidays, which increases to 31 days after 5 yrs service, with the option to purchase up to 5 contractual days per year.
* £6,000 car allowance per year.
* Company funded individual private medical insurance.
* Protection for you and your family, with company‑funded death‑in‑service benefit and income protection insurance, and the option to take advantage of discounted rates for additional life assurance and critical illness cover.
* Share in Santander’s success by saving or investing in our share plans.
* As a Santander UK employee, you are able to request staff versions of our products like our Edge Current Accounts and Credit Cards with no fees, as well as apply to many other deals and discounts in Santander products and services.
* Competitive rewards that reflect the real impact you make and the value you bring.
* Wellbeing that goes beyond work– we work with a range of wellbeing partners across our 4 pillars of wellbeing (physical, mental, social and financial) to give you access to a suite of apps, discounted gym and fitness access, weekly online classes, flexible healthcare and mental health support.
* Support for every life stage– from menopause and pregnancy to parenthood and beyond, with enhanced family leave, childcare options and tailored wellbeing support.
* Time to give back through volunteering opportunities that let you make a difference in the communities we serve.
* Global growth opportunities to shape your career, learn new skills and explore what’s possible across our international network.
Ready to be recognised? It starts with you.
LOCAL COMPLIANCE
At Santander, we’re proud to be an inclusive organisation that provides equal opportunities for everyone – regardless of age, gender, disability, civil status, race, religion or sexual orientation.
We’re committed to creating a recruitment experience that’s accessible, fair and welcoming for all candidates.
We want our people to thrive – at work and at home – while delivering the best outcomes for our customers and supporting each other to grow.
To make this possible, our roles are site‑based with a hybrid working pattern, where colleagues are expected to attend the office at least 12 days per month (pro‑rata for part‑time roles).
When applying, please consider the travel distance, time and cost to your chosen office location(s).
Right to work in the UK
* Every individual must have the right to work in the UK to commence employment with Santander either by way of nationality, visa or work permit. If you do require a working visa/permit this will not influence our decision on whether to progress your application. However, if you do not have a right to work, or an application for a working visa/permit is unsuccessful, Santander will not proceed with your application and will withdraw any conditional offer previously made.
We welcome applications on the understanding that, should you be offered this role, there may be no relocation package available. Santander will pay the employer mandatory government fees that are required to pay in connection with visa sponsorship. You may be liable for your own personal employee immigration and relocation costs.
WHAT TO DO NEXT
If this sounds like a role you are interested in, then please apply.
If theres anything we can do in the recruitment process to help you achieve your best, get in touch. Whether its a copy of our application form in another format or additional assistance, were available through email. You can contact us at resourcing@santander.co.uk.
J-18808-Ljbffr