Operational resilience lead

Hybrid role to be based in our Edinburgh office.

Seccl is the Octopus-owned embedded investment platform that’s on a mission to helping more people to invest – and invest well.

We’re B-Corp certified with an amazing product-market fit, impressive early traction and the potential to transform an outdated industry, for the better. We've been growing fast and will scale even faster over the next few years.

We’re also proud to be part of Octopus, the £multi billion group that's on a mission to breathe new life into broken industries, through companies like Octopus Energy, Octopus Investments and Octopus Money.

Check out the Seccl website for the latest on our products and our mission to shape the future of investments.

Are you passionate about building resilience into the heart of a fast-moving, tech-driven business? We’re looking for an operational resilience lead to shape and own the framework that helps keep Seccl running smoothly - even when the unexpected happens.

In this role, you'll lead the development and ongoing improvement of our operational resilience framework, ensuring we meet and exceed UK regulatory expectations. You’ll work will focus on business continuity, third-party resilience, and incident management, collaborating across teams to ensure that our most important services stay within impact tolerances – no matter what.

If you thrive on turning complexity into clarity, and love building processes that scale, this could be your perfect next move.

1. Own and implement Seccl’s operational resilience framework, ensuring it meets FCA/PRA rules.
2. Meet with teams across Seccl to help them identify important business services, assess associated risks, define impact tolerances, and map out key dependencies.
3. Run scenario testing workshops or plan the annual operational resilience review to ensure our framework is always evolving and improving.
4. Jump into an incident call to support swift resolution, then lead a post-incident review to understand what happened and how we can do better next time.
5. Embed business continuity and disaster recovery plans into our broader resilience strategy – making sure we’re ready for the unexpected.
6. Work with business owners to review third-party and supplier risks, ensuring we’re staying compliant with SYSC 8 and EBA guidelines.
7. Prepare a resilience update for our senior leadership, risk committees and regulator, highlighting progress and any emerging issues, and promote resilience awareness and training across Seccl.
8. Represent Seccl at industry resilience forums, sharing ideas and learning from peers.
9. Plan and run internal resilience exercises, including tabletop simulations and recovery testing - bringing teams together to test how we’d respond to a major disruption.

1. You have a strong background in operational resilience, business continuity, and third-party risk in FCA-regulated firms.
2. You have a solid understanding of FCA/PRA rules (PS21/3, PS16/24, SYSC); familiarity with DORA, CP24/28 is a plus. ISO27001 knowledge is a bonus.
3. You have proven experience in managing incidents, crisis response, and follow-up actions.
4. You are skilled in supplier risk, including due diligence, contracts, and SLA oversight.
5. You have experience leading on resilience, engaging senior stakeholders, and building a resilience-focused culture.
6. You have strong analytical skills with a strategic approach to risk and resilience planning.

1. You were Certified/accredited to the following industry organisations: Institute of Risk Management (IRM), Business Continuity Institute (BCI), Disaster Recovery Institute International (DRII).
2. You possessed good knowledge of key resilience standards, including ISO22301, ISO27031, BS11200, ISO22316, and ISO31000.
3. You had some previous experience with outsourcing governance and third-party risk assessments.
4. You have a strong understanding of tech resilience, cloud risks, and cyber resilience.

1. You rely on a lot of top-down direction. Here, you’ll have a lot of freedom and ownership of your role, and you’ll be expected to shape your own progression.
2. You’re not comfortable working in a fast-paced environment. Our speed and scalability are what set us apart; you need to be able to act quickly and think on your feet.
3. You struggle to follow through on ideas. We value people who do what they say they will. If you care about something, you have the freedom here to make it happen.
4. You don’t like change. You’ll get on great here if you relish the ambiguity of rapid growth and are willing to embrace uncertainty.

We offer a generous mix of benefits for the things that really matter to our people, including:

A salary between £85,000 and £95,000 – dependent on experience + reviewed annually.

27 days holiday + bank holidays (some can be flexible) + day off on your birthday + three days (full time) per year for Dependant leave.

Two volunteering days per year.

Length of service award – one month paid sabbatical at eight years.

6% employer pension contribution, and life assurance.

Private medical insurance with AXA Health.

Enhanced Parental leave.

MacBook and up to £500 home office set up budget.

£750 per person learning budget.

Option to work abroad for up to six weeks a year.

Health and wellbeing initiatives including free therapy via Wellness Cloud, mental health support via Headspace.

Strong financial wellbeing focus including access to Octopus Money, Octopus Share Incentive Plan and will writing offering via Octopus Legacy.

Perkbox – Flexi-points giving you a range of discounts and perks including free weekly coffee, gym and retail discounts.

Access to initiatives like Cycle to Work and Octopus Electric Vehicle Leasing.

We're proud to put people first, creating a culture where we truly listen to what matters most to them. Our transparent and inclusive environment encourages diversity of thought, challenge and experimentation.

Check out our Glassdoor page for the latest reviews or our LinkedIn for company updates and insights from the team.

Interviewing is a two-way thing, and we want you to have the time and opportunity to get to know us, as much as we are getting to know you. Our interviews are conversational, so come with questions and be curious. In general, you can expect the interview process to look a bit like this:

1. First stage – 45 mins competencies-based interview with the hiring manager and our CTO.
2. Second stage – one-hour technical interview or assessment with the CRO and head of risk.
3. Final stage – 45 mins bar-raiser culture-based interview.

We’ll only close this role once we have enough applications for the next stage. Please submit your application as soon as possible to make sure you don’t miss out and you should expect to hear back from us within one to two weeks of applying.

Our aim is to build a diverse and inclusive company of awesome people, with unique skills, passions and experiences. All applicants will be considered for employment without attention to age, ethnicity, religion, sex, sexual orientation, gender identity, family or parental status, national origin, or veteran, neurodiversity or disability status.

If this sounds like your kind of thing, we encourage you to apply even if you don’t tick every box. We’d love to hear from you!