Director - Technology Risk

Job Title

Director – Technology Risk

Role Purpose

The Director – Technology Risk is accountable for end-to-end oversight of technology risk management , ensuring the organisation’s technology environment is secure, resilient, compliant, and regulator-ready . The role partners closely with Technology, Cyber Security, Data, and Business leaders to identify, assess, mitigate, and govern technology risks across applications, infrastructure, cloud, data, and third-party ecosystems.

Key Responsibilities

Technology Risk Strategy & Governance

• Define and execute the Technology Risk Management framework aligned to enterprise risk appetite and regulatory expectations.
• Establish and oversee governance forums covering technology risk, cyber risk, resilience, and third-party risk .
• Act as a senior risk advisor to CIO, CISO, and business leadership.

Risk Identification, Assessment & Monitoring

• Own technology risk assessments across applications, infrastructure, cloud, data platforms, and emerging technologies.
• Oversee control design, effectiveness testing, and issue remediation across technology domains.
• Monitor key technology risk indicators (KRIs) and escalate material risks in a timely manner.

Cyber, Resilience & Operational Risk

• Partner with Cyber Security teams on cyber risk oversight , vulnerability management, and incident response governance.
• Provide independent risk challenge on IT resilience, disaster recovery, business continuity, and operational resilience .
• Support major incident management, post-incident reviews, and regulatory reporting.

Third-Party & Cloud Risk

• Oversee third-party technology risk , including vendor due diligence, ongoing monitoring, and exit planning.
• Provide risk oversight for cloud adoption , SaaS platforms, and strategic technology partnerships.

Transformation & Change Risk

• Embed technology risk governance into change, transformation, and digital programs .
• Provide risk challenge and assurance for core banking modernization, cloud migrations, and data programs .
• Enable risk-informed decision-making without impeding speed or innovation.

People & Capability Leadership

• Lead and develop high-performing technology risk teams across locations.
• Build strong succession pipelines and specialist capabilities (cyber, cloud, data, resilience).
• Promote a strong risk culture across Technology and Delivery teams.

Key Stakeholders

• CIO, CTO, CISO & Technology Leadership
• Enterprise Risk, Operational Risk, and Compliance
• Internal Audit & External Auditors
• Regulators and Supervisory Bodies
• GCC & Global Risk Leadership

Experience & Qualifications

Mandatory

• 18+ years of experience in Technology Risk, IT Risk, Cyber Risk, or Operational Risk within banking or financial services.
• Strong understanding of technology controls, cyber security, cloud risk, data risk, and IT resilience .
• Proven experience engaging with regulators, auditors, and senior executives .
• Experience operating in complex, global, matrixed organisations .

Preferred

• Experience supporting or leading GCC / shared services technology risk functions .
• Exposure to large-scale technology transformation programs .
• Relevant certifications (one or more): CISA, CRISC, CISSP, CISM.
• MBA or equivalent postgraduate qualification.