IT Operational Risk Manager
The position combines hands-on execution with program development, including enhancing frameworks, improving reporting, and helping ensure risks, control gaps, and remediation efforts are clearly tracked and communicated.
Key Responsibilities
Technology Risk Identification and Assessment
- Identify and assess operational risks related to technology, information security, and data practices
- Partner with cross-functional teams to evaluate control environments and uncover gaps
- Support risk assessments across areas such as cybersecurity, privacy, data protection, business continuity, and emerging technologies
- Track risk themes and trends to highlight areas requiring increased attention
Risk Framework and Governance
- Support the development and refinement of risk frameworks, methodologies, and documentation standards
- Contribute to the design and maintenance of risk taxonomies and control libraries
- Drive consistency in how risks are identified, evaluated, and reported across teams
- Work within a GRC environment to support risk and control activities
Risk Reporting and Metrics
- Assist in building reporting for risk exposure, control gaps, and remediation progress
- Develop dashboards, metrics, and key risk indicators to provide visibility into risk trends
- Prepare materials for senior stakeholders and governance forums
- Translate technical risk concepts into clear, business-focused insights
Privacy and Data Protection
- Support risk assessments tied to data usage, privacy practices, and third-party relationships
- Partner with relevant stakeholders to identify and document privacy-related risks
- Assist in tracking issues, remediation activities, and risk outcomes tied to data protection efforts
Business Continuity and Resilience
- Participate in business impact analyses and continuity planning efforts
- Help identify critical systems, dependencies, and recovery requirements
- Assess technology-related continuity risks and support mitigation planning
Emerging Technology and AI Risk
- Contribute to governance and risk management practices for emerging technologies
- Support assessments, control design, and monitoring related to AI use cases
- Partner across teams to evaluate risks tied to new tools and platforms
Issue Management and Remediation
- Track remediation efforts and follow up on action plans and target dates
- Support escalation of high-risk or overdue items
- Ensure issues and responses are documented appropriately
Regulatory Alignment
- Support alignment with regulatory expectations and industry standards related to technology risk
- Stay informed on evolving requirements across cybersecurity, privacy, and data protection
- Partner with compliance and legal teams to assess impact of regulatory changes
Stakeholder Collaboration
- Build relationships across IT, security, privacy, compliance, and business teams
- Communicate risk insights and updates clearly to a range of audiences
- Act as a trusted partner in strengthening risk awareness and practices
Qualifications
- Experience in operational risk, technology risk, or a related discipline
- Knowledge of information security, data protection, privacy, and business continuity concepts
- Experience supporting risk assessments, control evaluations, and issue tracking
- Familiarity with GRC tools and risk management processes
- Strong analytical and communication skills, with the ability to translate technical topics into business language
- Ability to work across multiple stakeholders and functions
Preferred Background
- Experience in a regulated industry such as financial services or similar environments
- Exposure to cross-functional teams including IT, security, privacy, and compliance
- Experience supporting risk frameworks, reporting, and governance practices
- Familiarity with emerging technology or AI-related risk
FAQs
Congratulations, we understand that taking the time to apply is a big step. When you apply, your details go directly to the consultant who is sourcing talent. Due to demand, we may not get back to all applicants that have applied. However, we always keep your CV and details on file so when we see similar roles or see skillsets that drive growth in organisations, we will always reach out to discuss opportunities.
Yes. Even if this role isn’t a perfect match, applying allows us to understand your expertise and ambitions, ensuring you're on our radar for the right opportunity when it arises.
We also work in several ways, firstly we advertise our roles available on our site, however, often due to confidentiality we may not post all. We also work with clients who are more focused on skills and understanding what is required to future-proof their business.
That's why we recommend registering your CV so you can be considered for roles that have yet to be created.
Yes, we help with CV and interview preparation. From customised support on how to optimise your CV to interview preparation and compensation negotiations, we advocate for you throughout your next career move.