IT Risk Manager; LOD

Are you a technology risk professional who thrives in bringing clarity to complex risks, with a proven track record of constructive challenge and practical risk‑based decision‑making?

If that sounds like you, Investec is currently looking for a Technology Risk Manager to join our Operational Risk team in the second line of defence (2

LOD). In this role, you will provide independent oversight and challenge of technology and information security risks across IBP (Investec Bank), helping to ensure risks are understood, well controlled and managed within approved risk appetite.

You will work closely with technology teams, relevant business stakeholders and assurance functions, providing risk‑based challenge across areas such as cloud, cyber security, technology resilience, change management, incident management, third‑party technology services, and AI and emerging technology risks.

This is a hands‑on second line role suited to someone with strong technology risk expertise, the confidence to challenge constructively, and the ability to build trusted stakeholder relationships.

You will be part of the Operational Risk team within IBP Specialist Bank, sitting in the Risk Division and reporting to the Head of Technology & Information Security Risk (2

LoD). The team is responsible for providing independent oversight and challenge across key operational risk themes, working closely with embedded 1

LoD Technology Managers, Technology Management Teams, Internal Audit and IBL Operational Risk.

The team plays an important role in strengthening risk management practices, supporting effective decision‑making and helping to maintain a strong and pragmatic risk culture across the business.

• Providing subject‑matter expertise and independent second‑line challenge over 1
  
  LoD technology risk assessments, and where required conducting independent assessments across applications, infrastructure, third parties and thematic risk areas
• Assessing inherent risk, control effectiveness, residual risk, treatment plans and escalation requirements for risks outside appetite
• Providing guidance and challenge on First‑Line operational risk event reporting to ensure key details, business impact and follow‑up actions are captured accurately and in a timely manner
• Overseeing and challenging risk mitigation plans and closure evidence to ensure remediation actions are specific, measurable, fit for purpose and effectively implemented
• Reviewing and challenging risks proposed for acceptance, ensuring they are clearly articulated, appropriately classified, supported by sufficient rationale, time‑bound, and approved in line with the risk management framework
• Supporting independent review and challenge of critical third‑party technology arrangements, including vendor control environments, exit strategies, resilience plans and technology dependency risks
• Supporting the ICAAP process through technology risk inputs, challenge and insight to inform operational risk capital assessments
• Acting as a trusted adviser to technology stakeholders, providing constructive challenge and helping to strengthen risk culture
• Promoting operational risk awareness and delivering training where required

• Extensive experience in a technology risk and/or IT audit role within a financial institution or other regulated environment
• A strong risk and challenge mindset suited to a second‑line oversight role
• Professional certifications such as CISSP, CRISC, CISA or CISM would be advantageous, as would related experience in project management and technology processes
• Technical understanding across key technology domains including cloud, APIs, Dev Ops, AI, SDLC, cyber security, technology resilience, change management and third‑party technology risk
• Confidence in constructively challenging risk decisions made by the first line of defence
• Ability to take ownership, work autonomously and manage competing priorities effectively
• Demonstrable strength in operational risk management, stakeholder management and applying a risk‑based approach

Investec offers a range of wellbeing benefits to make our people feel healthier, balanced and more fulfilled in their lives inside and outside of work. You can find a list of our benefits here.

As part of our collaborative & agile culture, our working week is 4 days in the office and one day remote. We believe that being together enables us to live our values and support our clients and communities in an extraordinary way.