Chief Risk Officer, Technology

Role Description

The Global Risk and Compliance division (GR&C) exists to enable the FNZ Group to safely achieve its strategic objectives, protect value, and support the delivery of services and propositions to the quality our clients and regulators expect.

The Chief Risk Officer of Technology & Security is responsible for leading the second-line oversight of technology and security risk across the enterprise while serving as a strategic risk partner to the Group Head of Technology. This role ensures that technology and information security risks are effectively managed, aligning with the firm’s risk appetite and regulatory expectations while also providing proactive risk advisory support to the Technology division.

As a key member of both the Senior Risk Leadership Team and the Technology Senior Leadership Team, the CRO of Technology & Security will design and oversee the firm's global technology and cybersecurity risk framework to ensure resilience and regulatory compliance, challenge first-line risk management practices, and drive continuous improvement in risk resilience across the organization.

The CRO of Technology & Security leads the second line technology and security risk function responsible for overseeing technology and security risk management initiatives across jurisdictions, proactively identifying and mitigating emerging threats, and fostering a risk-aware culture throughout the organization.

The CRO of Technology & Security will work closely with executive leadership, regulators, and key stakeholders across regions and business units to ensure that technology and cybersecurity risk strategies support the firm’s strategic objectives while meeting evolving regulatory and threat landscape demands. This role is critical to ensuring that technology and cybersecurity risks are managed proactively in an evolving digital landscape.

This role is ideal for a senior technology and security risk leader with a deep understanding of technology, digital, and AI-related risks and regulatory requirements for financial services organizations; a strong commitment to ethical leadership; thrives in a fast-paced, highly-matrixed global environment.

Specific Role Responsibilities

Strategic Leadership & Governance- Develop and implement a comprehensive second-line risk management framework for technology and cybersecurity risks.- Advise and collaborate with the Technology Division to establish policies, standards, and risk appetite statements related to IT, cybersecurity, data privacy, cloud, AI, and emerging technologies.- Provide independent oversight and challenge to first-line risk management and control activities.- Advise the Group CRO and executive leadership on key technology and security risk exposures and mitigation strategies.

Risk Assessment & Oversight:
- Partner with the Chief Information Security Officer (CISO), Chief Information Officer (CIO), and other senior executives to ensure robust risk management practices.- Oversee cybersecurity, technology, and applicable third-party risk assessments to identify vulnerabilities and areas requiring mitigation.- Collaborate with technology, security, and business leaders to provide assurance of design and operating effectiveness of technology and security controls, remediation strategies, and resilience measures.- Oversee risk assessments for new technology, migrations, third-party partnerships, and AI-driven solutions, ensuring alignment with security and resilience objectives.- Oversee threat intelligence, penetration testing, and security monitoring programs to ensure proactive risk identification and response.- Drive business value by integrating risk insights into continuous improvement efforts and strategic technology initiatives.

Enterprise Resilience & Incident Response:
- Provide 2nd line assurance of robust business continuity, disaster recovery, and cyber incident response plans and testing.- Partner with the Group Head of Technology, Group Head of Infrastructure, and Group CISO in crisis management efforts, rapid response to major cybersecurity incidents, data breaches and technology disruptions.- Provide oversight and independent challenge to technology-related incident response, resilience and crisis management activities.- Ensure post-incident reviews and lessons learned are effectively implemented to mitigate future risks.- Evaluate and enhance business continuity and disaster recovery plans related to technology infrastructure.- Advocate for resilience by design, overseeing security and risk management embeddedness into IT architectures, cloud deployments and digital transformation projects.

Regulatory & Industry Risk Oversight:
- Serve as trusted advisor and expert on emerging regulatory, cybersecurity, and technology risk trends impacting financial services, ensuring compliance with global standards such as DORA, NIS, GDPR, ISO 27001, SOC 2 and financial data security laws.- Advise executive leadership on regulatory risks, cyber