Technology Compliance Officer - Vice President

Based in our Bournemouth or London office, you will challenge the technology and cybersecurity function and will play a critical role in regulatory engagement with supervisory authorities. You will work closely with the wider Technology & Cybersecurity CCOR team who is responsible for the design and oversight of the 2nd Line of Defence independent risk management program for technology and cybersecurity risks. As part of the team, you will also be able to broaden this platform to work on legal entity, regional and global initiatives, in addition to being part of local and firmwide community, diversity, equity and inclusion initiatives.

As a Technology Compliance Officer in our Technology & Cyber CCOR team, you will have the opportunity to materially contribute and develop the Technology Compliance programme through your deep knowledge and experience of European and global technology and cybersecurity laws, rules and regulations.

Job responsibilities

• Perform regulatory assessments of technology compliance related initiatives, including resiliency, outsourcing and cloud technology related matters
• Review regulations and impact assessments, and work with divisional partners to advise the relevant owners on the development of policies and procedures within the legal entity and across other group legal entities as necessary
• Keep abreast of technology and data privacy regulatory and legislative changes and provide advice to enable the business to implement applicable changes and operate in a compliant and controlled manner
• Drive the development of the regional and legal entity alignment to the CCOR framework, including IT Risk Profile, KRIs, Loss Data, Scenario Analysis
• Support the review of significant events (including security events) over a defined economic threshold, including but not limited to, examination of event and resolution, back-testing against the firm’s risk management framework results, metrics, escalations, reporting, and scenarios
• Perform ongoing monitoring to ensure appropriate application of policies, standards and procedures
• Provide independent assessments of the risks and controls related to the adoption of technologies including Cloud, AI/ML and IoT
• Participate in the assessment of emerging risks as part of strategic business risk reviews, analysis of regulatory and market developments, New Business Initiative Approvals and review of external risk events

Required qualifications, capabilities, and skills

• Strong experience in cybersecurity, governance, operational risk or technology compliance experience within the financial services industry or experience in an equivalent role in the technology industry
• Knowledge of key IT laws, rules and regulations for the UK and European Union is a pre-requisite (i.e. , DORA, EU AI Act, MiCA, NIS, PRA SS1/21 etc.)
• Knowledge and experience with Information Security and Risk Management standards and frameworks such as NIST, ISO 27001/27002 and modern development practices and supporting toolsets (e.g. Agile, DevOps)
• Ability to understand complex technical systems and the business processes they support and synthesize the corresponding risks and controls and recommend adjustments if required
• Understanding of technology risk management and control principles with a proven ability to anticipate and identify risks and effective mitigating actions
• Strong organizational, project management, multi-tasking and stakeholder management skills with demonstrated ability to manage expectations and deliver results with a high level of professionalism, self-motivation, and integrity

Preferred qualifications, capabilities, and skills

• Professional IT and Information Security certifications such as CISSP, CISA, CISM, CRISC, CGEIT as well as Cloud related certifications (e.g. CCSP, CCAK, AWS Certified Practitioner) are beneficial
• Knowledge of innovative and automation technologies such Alteryx, UiPath, Qlik sense, Tableau etc