Head of Technology Risk

Warsaw, Mazowieckie, Poland | Risk | Hybrid
We are a leading trading platform that is ambitiously expanding to the four corners of the globe. Our top-rated products have won prestigious industry awards for their cutting-edge technology and seamless client experience. We deliver only the best, so we are always in search of the best people to join our ever-growing talented team.

As the Head of Technology Risk, you will take on a pivotal leadership role, overseeing and directing the firm's comprehensive technology risk management framework. This entails ensuring that all technology and cyber risks are not only identified and assessed but also effectively managed and monitored across all facets of the business. Your role will be critical in safeguarding the organization's vital technology infrastructure and ensuring that the firm remains compliant with all relevant regulatory expectations, including those mandated by the FCA and other pertinent global regulatory bodies.  

Furthermore, you will be a linchpin, collaborating closely with stakeholders across multiple domains, including Risk, IT, Security, Compliance, and Senior Management. Your aim will be to cultivate and embed a robust risk culture throughout the organization. This will guarantee that technology risk is managed proactively and consistently, aligning with the firm's overall risk appetite and regulatory obligations.

Key Responsibilities

Leadership & Governance

    • Own and lead the Technology Risk function: Establish the Technology Risk function as a cornerstone of the enterprise risk management framework. Drive the strategic vision and operational execution of this function, ensuring it aligns with the broader organizational goals and risk appetite.
    • Provide strategic direction and oversight: Act as the principal authority on all matters concerning IT and cyber risk. Guide the organization in proactively identifying, assessing, and mitigating potential threats and vulnerabilities.
    • Represent Technology Risk at internal risk committees and boards: Serve as the primary spokesperson and subject matter expert for Technology Risk within the company. Articulate complex technical risks and mitigation strategies in a clear and concise manner to both technical and non-technical audiences.
    • Develop and maintain strong working relationships with key stakeholders: Cultivate collaborative partnerships with leaders across IT, Security, Compliance, Audit, and the Executive team.
    • Foster a culture of open communication and shared responsibility for managing technology risks.
    • Own the recruitment, onboarding, and capacity planning of the Technology Risk function to ensure the right skills and resources are in place to deliver a comprehensive testing programme.
    • Drive a culture of accountability by setting measurable performance standards, conducting regular reviews, and ensuring timely recognition or corrective action to maintain high-quality outputs.
    • Establish, expand, and continuously improve the Technology Risk function by embedding best practice methodologies, frameworks, and reporting standards, ensuring the wider business understands the value and importance of effective control testing.

Risk Framework & Policy Management

    • Design, implement, and continuously improve the technology and cyber risk management framework, policies, and standards: Establish a robust and adaptable risk management framework that encompasses all aspects of technology and cyber risk. Develop and maintain comprehensive policies and standards that provide clear guidance and expectations for managing risk.
    • Ensure alignment with regulatory guidance (e.g. FCA/PRA expectations, SS1/21, SYSC requirements, DORA readiness and implementation): Maintain up-to-date knowledge of relevant regulatory requirements and industry best practices. Ensure that the organization's risk management practices are fully compliant with all applicable regulations and guidelines.
    • Support risk assessments for material outsourcing, cloud adoption, and third-party technology providers: Conduct thorough risk assessments of all significant technology initiatives, including outsourcing arrangements, cloud migrations, and third-party relationships. Identify potential risks and develop appropriate mitigation strategies.

Risk Identification, Assessment, and Monitoring

    • Lead enterprise-wide technology risk assessments and ensure timely identification of emerging risks: Proactively identify and assess potential risks across all technology domains. Stay abreast of emerging threats and vulnerabilities, and develop strategies to address them before they impact the organization.
    • Oversee key risk indicators (KRIs), risk and control self-assessments (RCSAs), and other risk monitoring activities: Implement a comprehensive risk monitoring program that utilizes a variety of tools and techniques, including KRIs, RCSAs, and other metrics. Track the effectiveness of risk controls and identify areas for improvement.
    • Provide regular risk reporting to the executive and board committees: Prepare and deliver clear and concise risk reports that highlight key risks, emerging threats, and the effectiveness of risk mitigation strategies. Keep the executive and board committees informed of the organization's risk posture.

Incident & Change Management

    • Provide second-line oversight of technology incidents and root cause analysis: Review and analyze technology incidents to identify root causes and underlying systemic issues. Ensure that appropriate corrective actions are taken to prevent recurrence.
    • Assess the technology risk impact of major change programs, system implementations, or transformation initiatives: Evaluate the potential risks associated with major technology changes and initiatives. Develop strategies to mitigate these risks and ensure that changes are implemented safely and effectively.
    • Work with operational risk and technology teams on scenario analysis and resilience testing: Collaborate with other risk and technology teams to conduct scenario analysis and resilience testing. Identify potential vulnerabilities and develop plans to ensure business continuity in the face of disruptions.

Cybersecurity & Resilience

    • Partner with Information Security to ensure appropriate cyber risk management and regulatory alignment: Work closely with the Information Security team to establish a unified approach to cyber risk management. Ensure that cybersecurity practices are aligned with regulatory requirements and industry best practices.
    • Provide second-line challenge and oversight of cyber security controls, penetration testing, and security incident management: Review and evaluate the effectiveness of cybersecurity controls. Provide independent oversight of penetration testing and security incident management activities.
    • Support the development and testing of IT Disaster Recovery and Business Continuity Planning (BCP): Assist in the development and testing of comprehensive IT Disaster Recovery and Business Continuity plans. Ensure that the organization is prepared to respond to and recover from disruptions.

Regulatory Engagement & Audit Support

    • Act as a subject matter expert for technology risk in regulatory reviews and supervisory engagements: Serve as the primary point of contact for regulators and supervisors on matters related to technology risk. Provide expert guidance and support during regulatory reviews and examinations.
    • Prepare and present responses to regulator questions, thematic reviews, or requests for information: Develop and deliver clear and comprehensive responses to regulatory inquiries. Represent the organization's interests and demonstrate compliance with regulatory requirements.
    • Liaise with Internal and External Audit for audits involving IT and cyber risk: Collaborate with Internal and External Audit teams to facilitate audits of IT and cyber risk controls. Provide necessary documentation and support to ensure a smooth and efficient audit process.

Continuous Improvement and Risk Culture

    • Identify opportunities to enhance control testing processes by integrating automation, advanced analytics, and other relevant technology tools. This could include automating repetitive control tests, using data analytics to identify control deficiencies, or implementing technology solutions to streamline control testing processes.
    • Regularly benchmark the control testing framework against industry best practices and regulatory requirements to identify areas for improvement and ensure the organization stays ahead of the curve. This may involve participating in industry surveys, attending conferences, or engaging with external consultants.
    • Promote a strong risk culture within the organization by raising awareness of control testing and its importance in managing operational risk. This could involve delivering presentations, organizing workshops, or developing communication materials that highlight the benefits of effective control testing.
    • Provide training and guidance to control owners to ensure they understand the importance of effective control design and operation, and can identify and mitigate risks in their areas of responsibility. This could include developing training materials, delivering workshops, or providing one-on-one coaching.

The successful candidate will be a proactive and self-motivated individual with excellent communication and interpersonal skills, capable of building strong relationships with a wide range of stakeholders across different teams, business units, regions, and cultures.

Requirements

    • Extensive Experience in Technology Risk Management: A minimum of 10 years of proven experience in a technology risk, IT audit, or IT governance role within the financial services or fintech industry is required. 
    • Comprehensive Regulatory Knowledge: Possess a deep understanding of global regulatory frameworks, with a specific focus on FCA, PRA, SYSC, SS1/21, and DORA regulations. 
    • In-Depth Technical Expertise: A strong knowledge of IT controls, cyber risk, cloud risk, ITGCs, and third-party risk management is essential. 
    • Framework Development and Risk Assessment: Experience in building or enhancing technology risk frameworks and leading risk assessments is required. 
    • Exceptional Stakeholder Engagement: Must possess excellent stakeholder engagement skills, with a proven ability to influence and communicate effectively at senior levels. 
    • Leadership and Cultural Influence: Experience in leading teams and fostering a strong risk culture within fast-paced, agile environments is essential. 
    • Relevant Certifications: While not mandatory, certifications such as CRISC, CISM, CISSP, CISA, or ISO 27001 are highly desirable and will be viewed favorably. 

Additional Skills and Competencies

    • Strategic Thinking: Ability to align technology risk management strategies with overall business objectives.
    • Problem-Solving: Capacity to identify and address complex technology risk issues proactively.
    • Communication and Reporting: Excellent written and verbal communication skills, with the ability to present complex risk information clearly and concisely to both technical and non-technical audiences.
    • Adaptability: Ability to thrive in a dynamic and rapidly evolving technology risk landscape.
    • Innovation: A proactive approach to identifying and implementing innovative risk management solutions.

Technical Skills & Knowledge

    • GRC Tool Proficiency: Expertise in using Governance, Risk, and Compliance tools for risk assessment, monitoring, and reporting.
    • Control Testing Platforms: Hands-on experience with platforms designed to test and validate the effectiveness of internal controls.
    • Data Analysis: Advanced skills in Excel and data visualization tools like Tableau and Power BI to analyze risk data and generate insights.
    • Risk Management Frameworks: Deep understanding of industry-standard risk management frameworks such as COSO, NIST, and ISO 31000.
    • Control Testing Methodologies: Familiarity with various methodologies for testing and evaluating the design and operating effectiveness of controls.
    • Regulatory Audits: Experience in managing and coordinating regulatory audits, including preparation, execution, and follow-up.

Interpersonal & Leadership Skills

    • Collaboration & Influence: Ability to work effectively with regional and global partners across different functions and cultures, and to influence senior stakeholders.
    • Complex Problem Solving: Excellent problem-solving skills, with a curious mindset and a willingness to challenge existing practices.
    • Initiative & Independence: Proven ability to take ownership of ideas and drive them forward without constant supervision, and to constructively challenge others when necessary.
    • Autonomy & Decision-Making: Highly disciplined and capable of working independently with minimal supervision, and making sound decisions.

Organizational & Management Skills

    • Project Management & Multitasking: Strong organizational and project management skills, with the ability to manage multiple priorities and deliver results within deadlines.
    • Expectation Management: Proven ability to set and manage expectations, and to communicate effectively with stakeholders.

Professionalism & Work Ethic

    • Professionalism & Drive: High level of professionalism, self-motivation, and a strong sense of urgency.

What you will get in return:

Competitive Salary: We believe great work deserves great pay! Your skills and talents will be rewarded with a salary that makes you feel valued and motivated.
Work-Life Harmony: Join a company that genuinely cares about you - because your life outside of work matters just as much as your time on the clock.
Annual Performance Bonus: Your hard work doesn’t go unnoticed! Celebrate your achievements with a well-deserved annual bonus tied to your performance.
Generous Time Off: Need a breather? Our annual leave policy lets you recharge and enjoy life outside of work without a worry.
Employee Referral Program: Love working here? Share the love! Bring your talented friends on board and get rewarded for growing our awesome team.
Comprehensive Health & Pension Benefits: From medical insurance to pension plans, we’ve got your back. Plus, location-specific benefits and perks!
Workation Wonderland: Live your digital nomad dreams with 30 extra days to work remotely from anywhere in the world (some restrictions apply). Adventure awaits!
Volunteer Days: Make a difference! Take two additional paid days each year to support causes you care about and give back to the community.
Be a key player at the forefront of the digital assets movement, propelling your career to new heights! Join a dynamic and rapidly expanding company that values and rewards talent, initiative, and creativity. Work alongside one of the most brilliant teams in the industry.

Our company has an Internal Reporting Procedure. It is available from the Human Resources Department upon request hr@capital.com. You may report a violation referred to in the Procedure under the terms specified therein.