IT Risk Manager

Otsuka

Greater London

On-site

GBP 70,000 - 90,000

Full time

Today

Job summary

A leading global healthcare company is seeking an IT Risk Manager to oversee IT risk management across the technology estate. The role involves translating strategic directions into actionable plans, leading IT governance forums, and ensuring compliance with regulatory requirements. The ideal candidate will possess a strong technical understanding of security domains and experience in technology risk assessments. This position offers an opportunity to directly support organizational integrity and client value through effective risk management.

Benefits

Continuous learning and development
Philanthropy opportunities
Agile work environment

Qualifications

  • Experience with FCA, DORA, and GDPR regulations.
  • Ability to manage concurrent assessments and audit requests.
  • Familiarity with third-party due diligence processes.

Responsibilities

  • Translate strategic direction into measurable deliverables.
  • Chair IT governance forums and record decisions.
  • Own technology risk assessments and maintain the IT risk register.
  • Support data protection controls for global privacy regulations.
  • Monitor regulatory requirements related to IT risk.

Skills

Strong technical understanding across key security domains
Practical experience in maintaining an IT Risk Register
Proficiency in running technology risk assessments
Experience in presenting to governance forums
Organised and delivery-focused

Job description

We are looking for an IT Risk Manager to join our Technology team. You will manage IT risk across the technology estate and turn the Orbis IT Risk Framework into repeatable assessments, controls and governance‑ready evidence.

This is a hands‑on role: you will work with Technology, business and assurance teams to reduce real risk to production services and third parties. You will also help implement and maintain frameworks that protect our data, technology and operational capability, directly supporting the firm's ability to deliver consistent client value and meet technology and data‑related regulatory obligations.

You will bridge technical teams and senior leaders, ensuring technology and data risk activity informs decisions and is embedded into how we build, change and run services.

Why Orbis?
  • Culture. We are committed to our Core Values. We encourage intellectual curiosity and individualism as well as collaboration across different areas of the business. We seek to hear our people's voices - whether quiet or loud. Sharing ideas and challenging the status quo are commonplace.
  • Autonomy. While guidance and support are provided, team members own their work and projects.
  • Growth opportunities. We support our people in continuous learning and development.
  • Agile environment. We are committed to providing a work environment that balances the needs of our clients; the needs of our teams; and the personal needs, commitments, and interests of our people.
  • Philanthropy. Our people can contribute to society in a unique and personal way, through various philanthropy opportunities and programmes.
What will your responsibilities be?
  • Translate strategic direction from senior risk and security leaders into measurable deliverables
  • Chair and lead IT governance forums, ensuring decisions, actions and risks are clearly recorded and followed up
  • Operate the Orbis IT Risk Management Framework and ensure alignment with enterprise risk appetite and regulators
  • Own technology risk assessments, IT risk register and remediation. Work closely with senior management to manage exposures and deliver concise risk reporting
  • Support control testing and periodic assurance. Embed IT risk practices into projects, change and BAU.
  • Help implement data protection controls to meet relevant global privacy regulations (e.g. GDPR, UK DPA)
  • Maintain data inventories, records of processing and classification standards
  • Map critical business services, dependencies and impact tolerances; ensure RTOs/RPOs remain aligned with business needs
  • Support design, testing and maintenance of BCPs and DR for critical systems and processes
  • Keep IT frameworks, policies, standards and procedures up to date and accessible
  • Monitor applicable regulatory and industry requirements related to IT risk, resilience, and data protection; support updates to internal frameworks and practices
About you
  • Strong technical understanding across key security domains, including security tooling, secure software development, cloud security, infrastructure and network
  • Practical experience in maintaining an IT Risk Register
  • Proficiency in running technology risk assessments, supporting control testing, and ensuring remediation is complete
  • Practical familiarity with FCA, DORA and GDPR and how they apply to technology, third‑party risk and reporting
  • Knowledgeable about third‑party due diligence processes and supplier risk monitoring
  • Experience in presenting to governance forums and influencing technical and business stakeholders with clear evidence and options
  • Organised and delivery‑focused: you manage concurrent assessments, assurance cycles and audit requests to agreed deadlines
Nice to Have
  • Experience with incident response, BCP/DR and resilience testing
  • Prior audit experience working with internal and external auditors and preparing evidence packs
  • Vendor contract and SLA experience
Instructions for application

To complete your application, please submit your resume, cover letter and transcripts (all post‑secondary to this point; unofficial are accepted).
