Technology Risk Manager

The Bank of England is the UK's central bank. Our mission is to deliver monetary and financial stability for the British people.

The Bank of England is a diverse organisation, made up of approximately 4,000 people – each committed to public service and dedicated to promoting the good of the people of the United Kingdom by maintaining monetary and financial stability.

Risk management in its broadest sense is at the core of our mission and is central to everything we do. As well as the diverse policy risks managed by the Bank's three policymaking committees, the Bank is also exposed to a wide array of financial and non-financial risks.

The Risk Directorate brings together various second line functions – Bankwide Risk, Financial Risk & Resilience, and the Bank’s central Compliance Division, including Privacy. The Risk Directorate also includes Business Continuity Management.

Department Overview

Enterprise Risk and Resilience Division sits within the Risk Directorate as the second line of defence. It is led by the Executive Director, Risk who reports to the Governor with a dotted reporting line to the Chair of ARCo (Audit and Risk Committee). Risk Directorate comprises three divisions: ERRD, Financial Risk and Resilience and Compliance.

ERRD proactively manages non-financial risks, including technology and security risks, to protect and support the Bank in achieving its mission. The Second Line takes a view in defining risk frameworks, overseeing effective execution of the processes for managing risk, and ensuring this provides complete and transparent input into the risk governance process

Working in the Division provides an excellent opportunity to work with all areas of the Bank including senior leaders. We are committed to ensuring diversity, equity and inclusion within the Directorate: including diversity of skills, perspectives and background. We have a flexible working environment and are fully committed to making reasonable adjustments to support colleagues.

Job Description

Our team supports the first line in how they address Bank-wide security (cyber, information, personnel (insider), physical security, money laundering and fraud risks) and technology risk (such as risks associated with program delivery, obsolescence or change).

As Technology risk manager you are the second line SME and will drive the work to assess how well these risks are understood and treated. We build key relationships across the business and support, influence and guide the operational teams in their prioritisation and treatment of risk. Your priorities will be to understand and engage with the expected technology risks of any large organisation (such as cloud, obsolescence, change), but also to coordinate the technology risk management for our payments systems (critical national infrastructure).

We build engagement with key projects and programmes to support the identification of risks, as well as understanding the business impact of these risks crystallising so that we can influence and support their prioritisation. We must provide effective, transparent second line challenge and support at key committees. We help draft papers, provide formal supporting comments and brief the relevant decision makers within and outside of these reporting rounds.

We work to embed effective risk management and behaviours within operational areas by encouraging their use of tools such as metrics, self-assessments, and action tracking. Further, we move the risk agenda forward through undertaking “deep dives” into thematic risks.

Our team is small and there are many opportunities for broader career development either by getting involved in the analysis of a range of risk work, through supporting colleagues during absence, or to soften workload peaks throughout the year.

Our values are important, and you will develop others through sharing information effectively, mentoring and communicating a clear vision so that your contacts are productive, engaged and motivated to deliver the area's aims. This includes being able to set clear goals and smart, stretching objectives aligned to those of the team, division and directorate.

Number of direct reports: 0

Role Requirements

Minimum Essential Criteria

• A relevant qualification such as CISM, CISA, CRISC or equivalent, or the ability to evidence that you are actively working towards this.
• Experience in delivering papers or presenting technology issues to operational or risk forums, or decision making leadership forums.
• Excellent leadership and partner management skills are vital to support our work. You must be credible to senior colleagues and show recent experience of influencing leaders within your organisation.
• Current or recent experience in a relevant field, such as technology risk, or first line technology operations, or similar.
• You are expected to have an understanding of risk frameworks and cycles.

Desirable Criteria

• Strong written and oral communication skills - our risk managers need to make an impact and influence decision makers through drafting papers for, and attending, senior level committee meetings, as well as representing the Bank externally.
• Knowledge of risk management tools (such as Archer) to review risks and assess effectiveness of controls will be beneficial.
• You will be able and willing to develop their knowledge of the other security risk responsibilities. This experience will be used to constructively support our colleagues in addressing security weaknesses.
• You should take a very broad and forward-looking view of the Bank’s multifaceted responsibilities and objectives, and the risks it faces in delivery of them to horizon scan for emerging security risks
• Prior experience of second line risk management is useful but not essential

Our Approach to Inclusion

The Bank values diversity, equity and inclusion. We play a key role in maintaining monetary and financial stability, and to do that effectively, we believe we need a workforce that reflects the society we serve.

At the Bank of England we want all colleagues to feel valued and respected, so we're working hard to build an inclusive culture which supports people from all backgrounds and communities to be at their best at work. We celebrate all forms of diversity, including (but not limited to) age, disability, ethnicity, gender, gender identity, race, religion, sexual orientation and socioeconomic status. We believe that it’s by drawing on different perspectives and experiences that we’ll continue to make the best decisions for the public.

We welcome applications from individuals who work flexibly, including job shares and part time working patterns. We've also partnered with external organisations to support us in making adjustments for candidates and employees in the recruitment process where they're needed.

For most roles where work can be carried out at home, we aim for colleagues to spend half of their time in the office, with a minimum of 40% per month. Subject to that minimum requirement, individuals and managers should work together to find what works best for them, their team and stakeholders.

Finally, we're proud to be a member of the Disability Confident scheme. You can find more information on what this means here. If you wish to apply under this scheme, you should check the box in the ‘Candidate Personal Information’ under the ‘Disability Confident Scheme’ section of the application.

Salary and Benefits Information

This specific role offers a base salary of circa £70,500 - £89,000 per annum (depending on skills and experience) on a full-time basis. We encourage flexible working, part time working and job share arrangements. Part time salary and benefits will be on a pro-rated basis as appropriate.

In addition, we also offer a comprehensive benefits package as detailed below:

• A non-contributory, career average pension giving you a guaranteed retirement benefit of 1/95th of your annual salary for every year worked. There is the option to increase your pension (to 1/50th) or decrease (to 1/120th) in exchange for salary through our flexible benefits programme each year.
• A discretionary performance award based on a current award pool.
• A 7% benefits allowance with the option to take as salary or purchase a wide range of flexible benefits. (Note that from April 2023 and for the Benefits year 2023/24, this will increase to 8%)
• 26 days’ annual leave with option to buy up to 12 additional days through flexible benefits.
• Private medical insurance and income protection.

National Security Vetting Process

Employment in this role will be subject to the National Security Vetting clearance process (and typically can take between 6 to 12 weeks post offer) and the passing of additional Bank security checks in accordance with the Bank policy. Further information regarding the vetting and security clearance requirements for the role will be provided to the successful applicant, and information about how the Bank processes personal data for these purposes, is set out in the Bank’s Privacy Notice at Privacy and the Bank of England | Bank of England.

The Application Process

Important: Please ensure that you complete the ‘work history’ section and answer ALL the application questions fully. All candidate applications are anonymised to ensure that our hiring managers will not be able to see your personal information, including your CV, when reviewing your application details at the screening stage. It’s therefore really important that you fill out the work history and application form questions, as your answers will form a critical part of the initial selection process.

The closing date for applications is 4 June 2023.

The assessment process will comprise of two stages, with an aim for first interviews to completed by mid-June. #LI-BC1