IT Risk Officer

Operations – Risk
Full Time
At Zopa, we’re shaping the future of finance.

We offer simple loans and smart investments that help people take control of their finances and do more with their money. In the 12 years we’ve been in business, we’ve helped more than 60,000 people lend over £3 billion to 246,000 UK consumers.

And our journey’s only just beginning. In November 2016 we announced our plans to build a next generation bank so that we can bring a greater range of smart, ethical finance products to even more people.

Reporting into the Head of Operational Risk, this role will coordinate IT risk management activities, including ownership of IT policies and scheduled reviews.  This is an exciting opportunity to build out the IT risk management function as Zopa prepares to launch its banking activity.
The role’s core responsibility is to report on and test the effectiveness of Information Technology and Security risks across Zopa, as a second line of defense function.

Setting policy and control objectives

    • Building strong business partnerships with first line functions to advise and challenge on projects and initiatives across the business where there are technology risks
    • Ensuring that the IT Risk framework is embedded in the business
    • Ongoing maintenance of IT policies; ensuring adherence and compliance with regulatory requirements
    • Liaising with other second line functions (Compliance, Legal and Operational Risk) to ensure a consistent risk-based approach is achieved
    • Ensure the business is kept up to date with changes in information security regulation and industry best practice

Risk identification, assessment and evaluation

    • Identify current and emerging technology risks
    • Assessing the effectiveness of policy and control implementation by the business
    • Assessing the effectiveness of Business Continuity and Disaster Recovery Plans from a technology perspective

Information Technology control monitoring

    • Monitor risk and work with relevant business owners to ensure the effectiveness of our risk management strategy
    • Conducting and enabling internal monitoring reviews (internal and external)

Reporting and recommendations

    • Present risk assessments to the Head of Operational Risk, CRO and Risk Management Committee
    • Recommend control enhancements to ensure risks remain within our appetite
    • Liaise with the ICO


    • Strong experience as a IT risk specialist, or information technology auditor.
    • Experience in Information Technology functions
    • Knowledge of security frameworks such as ISO27001 or PCIDSS
    • Experience in financial services would be ideal
We are committed to equality of opportunity for all staff and applications from individuals are encouraged regardless of age, disability, sex, gender, sexual orientation, pregnancy and maternity, race, religion or belief and marriage and civil partnerships.