Technology Risk Manager

Are you passionate about enabling innovation safely in a highly regulated environment? We are seeking a Technology Risk Manager to join our Risk & Compliance function and operate as part of the First Line of Defence (1

LoD) in protecting the firm against existing and emerging risks. In this role, you will help the firm identify, assess, manage and report technology risks including those relating to Data, AI and Operational Resilience embedding pragmatic risk management into day-to-day delivery, operational processes and third-party relationships. You will partner closely with Technology, Information Security, Data, Legal, Compliance and business stakeholders to ensure that risk is understood, owned, and managed in line with the firm's risk appetite—supporting growth, client trust and the right regulatory outcomes.

Risk and Compliance work in collaboration with the business to ensure best practice across the Firm, effectively managing all aspects of the regulation surrounding the efficient running of the Firm. We are looking for someone with high attention to detail who prides themselves on providing excellent service.

The Risk and Compliance team is working closely with the Technology and Cyber teams at Mishcon de Reya to ensure colleagues and clients facing products and services are secure, resilient and well-governed. This role strengthens our ability to scale responsibly by ensuring risk management is embedded into how we operate and change globally. This role will report to the General Counsel.

• Act as a risk partner supporting Technology leadership and teams to own and manage risks within their areas.
• Maintain a clear view of the firm's technology risk profile across Data, AI and Operational Resilience and Technology operations e.g., infrastructure, cloud, applications, identity, endpoints, collaboration tooling. This includes maintaining a Technology Risk Register.
• Translate regulatory and internal requirements into practical controls and guidance, regularly assessing and reporting on the design and operating effectiveness of the control environment through controls validation.
• Promote a strong risk culture: "secure and compliant by design" while enabling pace and innovation.

• Work with the Technology Business Solutions, DPO and Data Governance teams to support effective management of data risks including:
• Updating policies and minimum standards.
• Independently validating the Data Governance Framework and assessing the design and operating effectiveness of key controls.
• Assessing, reporting on and tracking risk mitigation plans where risks are outside appetite.

• Help maintain and embed AI risk management for both internal and client-facing use cases, including:
• Use‑case/product risk assessments (privacy, security, bias/fairness, explainability, IP, confidentiality).
• Approval pathways and guardrails for generative AI tools.
• Model/solution lifecycle controls (testing, monitoring, change management).
• Support creation and maintenance of AI standards, playbooks and minimum control baselines aligned to the firm's risk appetite.

• Partner with Cyber Security to ensure security risks are identified, documented and actively managed across teams (Technology, brand etc.).
• Assess and report on the design and operating effectiveness of security controls ensuring control failures are addressed on a timely basis and reported/escalated where necessary.
• Where applicable, assist with security risk acceptances: ensuring decisions are documented, time‑bound, and include remediation plans.

• Assess and report on risk management for technology operations, including:
• Availability, resilience, backup and recovery of critical services
• Capacity, obsolescence and technical debt
• Change/release risk and service stability
• Contribute to business continuity and disaster recovery planning, testing and lessons learned.
• Monitor incident governance: capturing risk themes, root causes, control improvements and reporting.

• Help embed…