Technology Risk Professional

**Key Responsibilities**:
- Identify, assess, and effectively communicate complex technology risks - including deployment and integration of legacy and modern systems - translating these risks into actionable tasks for technical teams.
- Lead oversight of risks associated with integrating new and legacy technology systems, ensuring robust controls to manage potential exposures.
- Establish clear governance and approval mechanisms for AI tools and integrations, evaluating risks related to data privacy, cyber threats, accuracy, bias, and compliance.
- Collaborate with development teams to embed risk management, AI-specific controls, and security best practices throughout the software and AI model development lifecycles.
- Conduct independent thematic reviews and assurance audits of technology systems (including AI), legacy system risks, and infrastructure security, ensuring vulnerabilities are addressed promptly.
- Ensure compliance with relevant regulations and align technology risk management strategies with frameworks such as NIST, ISO 27001, and MITRE ATT&CK.
- Ensure Business Continuity and Disaster Recovery plans account for risks arising from legacy system dependencies and integration with modern infrastructure and processes.

**Skills and Competencies**:
- Proven experience in a technology-focused second-line risk management role, emphasising technology infrastructure, legacy system integration, and AI-specific risk oversight, alongside cybersecurity.
- Deep understanding of technology architecture, legacy systems, modern cloud platforms (AWS/Azure), network infrastructure, servers, desktop environments, mobile devices, and AI technologies.
- Strong familiarity with AI risk management, including AI governance frameworks, risk assessments, bias management, privacy considerations, and regulatory implications.
- Extensive experience overseeing integration risks between legacy and modern technology systems, with the ability to identify and mitigate compatibility, security, and operational risks.
- In-depth knowledge of frameworks such as NIST, ISO 27001, MITRE ATT&CK, and emerging best practices specific to AI security and governance.
- Demonstrated ability to audit complex technology environments, identify vulnerabilities in legacy and new systems, and implement effective risk treatment plans.
- Hands-on experience with secure software development practices, security testing methodologies, and risk assessment within agile SDLC environments.
- Excellent communication skills, able to translate complex technology risks clearly and concisely for executive-level stakeholders and technical teams alike.

About Us

Banking should be barrier-free. It’s a belief at our very core, inspired by our entrepreneurial spirit, driven by the unmet financial needs of millions, and delivered by our data-driven tools.

And for those who love helping businesses thrive? Our savings accounts help diversify the high street and create new jobs, all while earning savers some of the highest interest on the market.

But we go beyond finance, to empower our people, encourage professional growth and create an environment where everyone can thrive. We strive to create an inclusive and diverse workplace where people can be themselves and succeed.

Our story

OakNorth Bank was built on the foundations of frustrations with old-school banking. In 2005, when our founders tried to get capital for their data analytics company, the computer said ‘no’. Unfortunately, all major banks in the UK were using the same computer - and it was broken.

Why was it so difficult for a profitable business with impressive cashflow, retained clients, and clear commercial success to get a loan?

The industry was backward-looking and too focused on historic financials, rather than future potential.

So, what if there was a bank, founded by entrepreneurs, for entrepreneurs? One that offered a dramatically better borrowing experience for businesses?

No more what ifs, OakNorth Bank exists.