Tech & Cyber Risk Manager

Role Summary

At LSEG, we are evolving how technology and cyber risk is run within a fast‑paced, product‑aligned engineering environment. In Data & Analytics Engineering (D&A), we are looking for a Technology & Cyber Risk Manager to help drive a proactive, insight‑led risk and controls culture. This role sits at the heart of Engineering, partnering across Product, Cyber and Risk to strengthen control maturity, enable confident decision‑making, and ensure risks are effectively understood and managed.

Employing AI and automation, the role also helps transform how risk data, reporting and remediation are delivered at scale.

• Support the delivery and ongoing improvement of the D&A Engineering technology and cyber risk management approach, ensuring alignment with enterprise‑wide risk policies, regulatory expectations and Tech & Cyber Risk priorities.
• Coordinate and maintain key risk information across D&A Engineering, including Self‑Identified Issues (SIIs), audit findings, technology obsolescence, risk events, control assessments, remediation plans and action tracking.
• Support risk and control assessments across applications, platforms and technology services, helping to identify control gaps, assess impact and likelihood, document residual risk positions and define appropriate remediation actions.
• Prepare clear, accurate and timely inputs for dashboards, reporting and committee materials and senior leadership updates, ensuring that messages are risk‑led, evidence‑based and proportionate to the audience.
• Maintain audit‑ready documentation and evidence to support internal reviews, external assurance, regulatory requests and management oversight.
• Support alignment to relevant regulations, standards and internal requirements, including FCA, PRA, GDPR, DORA and LSEG technology and cyber risk policies, raising potential impacts or gaps for review.
• Work with central Cyber, Technology Risk, GRC, BISO, Engineering and Product teams to support the implementation and continuous improvement of information security activities, including vulnerability management, patching, penetration testing, control assurance and security remediation.
• Identify repeatable manual activities in the risk and controls lifecycle that could be simplified, automated or enhanced through AI, analytics, workflow tooling or data‑quality improvements.
• Develop high‑quality prompts, templates and reusable artefacts to improve consistency in risk assessments, SIIs generation, committee reporting, control commentary and remediation updates.
• Support embedding AI‑enabled ways of working across the risk and controls function, while respecting confidentiality, data‑handling, model‑risk and information‑security requirements.

• Relevant technology risk, cyber risk, operational risk, controls, audit, assurance or technology governance experience, preferably in a financial services, regulated or complex enterprise environment.
• Good understanding of technology and cyber risk management concepts, control frameworks, issue management, remediation tracking and evidence standards.
• Practical experience working with technology, engineering, product, risk, cyber, audit or compliance partners to identify, document and manage risks and control gaps.
• Strong written and verbal communication skills, with the ability to adapt messaging for technical, operational and management audiences.
• Experience with issue and action management tools, risk registers, control libraries, audit evidence repositories, management information and executive reporting packs.
• Experience supporting risk assessments for applications, platforms, cloud services, infrastructure, data platforms, AI‑enabled services or engineering delivery environments.
• Understanding of vulnerability management, patching, technology obsolescence, access management, incident management, resilience, third‑party risk and secure‑by‑design principles.
• Strong proven understanding of Microsoft 365 productivity tools, reporting tools and workflow solutions; experience using AI, automation, analytics or data visualisation tools to improve business processes is highly desirable.
• Awareness of regulatory and industry requirements such as FCA, PRA, GDPR and DORA, with the ability to apply requirements pragmatically in a technology environment.

Manager

LSEG is a proud equal‑opportunity employer. We do not discriminate on the basis of race, religion, colour, national origin, gender, sexual orientation, gender identity, gender expression, age, marital status, veteran status, pregnancy or disability. We accommodate religious practices and mental or physical disability needs as required by law.