Technology, Resilience and Security Risk Manager

Technology, Resilience and Security Risk Manager

Join to apply for the Technology, Resilience and Security Risk Manager role at Trinity Bridge

This role will focus on analysing, developing and maturing Trinity Bridge’s IT Governance and alignment with industry-standard frameworks, ensuring our ability to resiliently safeguard our clients, our people, and their assets. The role contributes to the ongoing development and evolution of the enterprise-wide technology, resilience, and security governance strategy, ensuring alignment with business objectives and regulatory requirements. This colleague will be responsible for providing regular updates and recommendations to the C-suite on governance, risk, and compliance matters as required.

• Analysing existing Trinity Bridge Technology, Security and Resilience (TRS) Governance to identify and close gaps and improvement opportunities.
• Ownership of the governance lifecycle of Trinity Bridge’s policy and standards relating to TRS.
• Ownership of monthly risk reporting and KRIs/KPIs across TRS.
• Ownership of Risk and Control Registers across TRS.
• Reporting on risk items across all avenues in a timely and appropriate manner across governance forums, ensuring affected stakeholders are informed.
• Developing and maintaining TRS risk appetite statements, MI, KPIs and KRIs in conjunction with the Operational Risk team, to ensure Trinity Bridge report with clarity on operation within the agreed tolerance.
• Produce full gap analysis reports on areas of improvement and risk, to support risk and cost reduction and strategy delivery, recommending thorough mitigation plans including justification for options considered.
• Own, chair and shape the future of the Cyber and Resilience Risk committee (CRC) and sub-CRC- monthly forums presenting the TRS risk position, risk acceptances, approvals and actions to the CISO and COO and TRS leadership team.
• Independent review of problem management, incident management and KRIs to provide proposals and recommendations on continuous improvement and optimal performance of the enterprise function.
• Ownership of TRS risk assessment of third and fourth parties through the established third party management team.
• Monitor emerging regulatory requirements and ensure governance frameworks are updated accordingly.
• Define, review, and evolve key metrics (MI, KPIs, KRIs) to ensure they remain relevant and actionable.

• Working closely with the TRS leadership team to assure weekly project status reports, ensuring accuracy of TRS’ business change governance across the enterprise.
• Responsible for appropriate application of all business and technology change from a cyber and information security perspective.
• Ensuring TRS Governance is adhered to throughout business as usual (BAU) operation and business change, utilising the mature operational processes already in place.
• Act as an interface between business change and TRS leadership where deviations to process and risk acceptances may be necessary.

• Responsible for Trinity Bridge’s strong cyber and information security culture, acting as the ‘de-facto’ expert on cyber and information security for the business.
• Independently able to produce comprehensive write ups of current risks and threats as they develop, producing expedient updates as situations change and span different threat vectors.
• Proactively report upwards on emerging cyber and data risks and threats, providing a view through a business lens on potential impacts.
• Responsible for monthly robust, traceable and risk-led MI on cyber and information security performance against governance frameworks and risk appetite.

• Operate with respect, diversity and inclusion principles as a key tenet of your role.
• Develop a culture of continuous improvement and appraisal as a foundation for excellent organisational performance, including operating within the firm’s people policies and processes.
• Build and develop relationships with organisation-wide peers.

• Ability to demonstrate an understanding of the regulatory framework relevant to the role, whilst…