Technology & Cyber Risk Manager

Shift Pattern: Standard 40 Hour Week (United Kingdom)

Scheduled Weekly Hours: 40

Corporate Grade: D - Assistant Vice President

Reporting Line: (UK Division) Risk - 2nd Line

Location: UK-London

Worker Type: Permanent

The London Metal Exchange (LME) is the world centre for industrial metals trading. Most of the world's global non-ferrous futures business is conducted on the LMEs three trading platforms totalling $18 trillion 178 million lots and 4 billion tonnes with a market open interest high of 1.8 million lots in 2024.

The metals community uses the LME as an HKEX Group company as a venue to transfer or take on price risk as a physical market of last resort and as the provider of transparent global reference prices.

The Technology & Cyber Risk Manager is responsible for supporting the Head of Technology & Change Risk in the development maintenance and oversight of the technology information security / cyber change and data risk frameworks and associated risks ensuring the employment of adequate controls and risk reporting. They are responsible for developing and evaluating the overall technology and cyber risk landscape and the potential impact to the London Metal Exchange (LME) Groups operational resilience.

The Technology & Cyber Risk Manager will work closely with the rest of the LME Group Risk Management department and collaboratively with the Hong Kong Exchanges Group (HKEX) parent company to design and establish robust 2nd Line monitoring oversight and assurance processes. They will provide risk guidance and support to the 1st line and assist the Technology functions and broader departments in the identification assessment treatment monitoring and reporting of their technology and resilience risks.

The role supports the delivery and implementation of the wider Enterprise Risk Management Framework (ERMF) for the LME Group.

Work with 2nd line of defence colleagues to facilitate delivery of the technology risk and operational resilience elements of LMEs ERMF.

Work closely and cooperatively with the 1st 2nd and 3rd line teams to ensure that technology risks are identified assessed reported and managed appropriately.

Help to develop and maintain reporting of the technology cyber data and change key risk indicators (KRIs) in line with the wider LME Group risk appetite statements.

Lead 2nd line oversight of internal technology incidents and have an active involvement in any post incident reviews.

Working with the cross functional teams to develop and implement the Technology Risk & Control Self-Assessment process to identify and assess key risks / internal controls.

Participate in key technology projects and change initiatives to bring pro-active risk management focus into the final delivery and solutions. Support signature projects by conducting risk and control assessments.

Support LME Group maturity projects to enhance operational resilience risk management.

Assist in producing the relevant technology risk reports for both LME and HKEX management and the various Risk Audit and Technology Governance Committees as required.

Work with the HKEX Group colleagues to ensure the consistency of the LME technology risk programme with Group policies and procedures. Maintain the LME Group policy and processes working with colleagues in Hong Kong and London.

ITIL Foundation CISA CISM CISSP CRISC or equivalent IT / Technology / Information Security qualification is desirable but not essential.

Risk Management qualification is desirable but not essential.

Experience in the IT / Technology / Information Security risk management and / or IT Audit domains or have operated equivalent related activities within the financial industry.

Understanding and experience of complex Technology systems and industry Operational Resilience regulations.

Worked in a technical role delivering / operating Technology systems desirable but not essential.

Executed Technology risk oversight for change activities desirable but not essential.

Ideally the successful candidate will have experience of working within an Exchange and / or Clearing House - desirable but not essential.

The LME is committed to creating a diverse environment and is proud to be an equal opportunity recruiting for our teams we welcome the unique contributions that you can bring in terms of education ethnicity race sex gender identity expression & reassignment nation of origin age languages spoken colour religion disability sexual orientation and doing so we want every LME employee to feel our commitment to showing respect for all and encouraging open collaboration and communication.

Manager

• Arm
• Risk Management
• Financial Services
• Cybersecurity
• COSO
• PCI
• Root cause Analysis
• COBIT
• NIST Standards
• SOX
• Information Security
• RMF

Full-Time

years

1