IT Risk Manager

Operations – Risk
Full Time

At Zopa, we’re shaping the future of finance.

We offer simple loans and smart investments that help people take control of their finances and do more with their money. In the 12 years we’ve been in business, we’ve helped more than 60,000 people lend over £2 billion to 246,000 UK consumers.

And our journey’s only just beginning. In November 2016 we announced our plans to build a next generation bank so that we can bring a greater range of smart, ethical finance products to even more people.

Reporting into the Chief Risk Officer, this role coordinates the IT risk management activities, including ownership of IT policies and scheduled reviews. This is an exciting opportunity to build out the IT risk management function as Zopa prepares to launch its banking activity.
The role’s core responsibility is to report on and test the effectiveness of Information Technology and security risks across Zopa, as a second line of defense function.

Setting policy and control objectives

    • Building strong business partnerships with first line functions to advise and challenge on projects and initiatives across the business where there are technology risks.
    • Consultancy on the design and implementation of Information Technology and security controls.
    • Development and ongoing maintenance of IT policies; ensuring adherence and compliance with regulatory requirements.
    • Liaising with other second line functions (Compliance, Legal and Operational Risk) to ensure a consistent risk-based approach is achieved
    • Ensure the business is kept up to date with changes in information security regulation and industry best practice

Risk identification, assessment and evaluation

    • Ensure that responses to risks are cost effective and meet business objectives.
    • Identify current and emerging technology risks
    • Assessing the effectiveness of policy and control implementation by the business
    • Assessing the effectiveness of Business Continuity and Disaster Recovery Plans from a technology perspective

Information Technology control monitoring

    • Monitor risk and work with relevant business owners to ensure the effectiveness of our risk management strategy
    • Conducting and enabling monitoring reviews (internal and external)

Reporting and recommendations

    • Produce regular dashboards and reports for first line management
    • Present risk assessments to the CRO and Risk Management Committee
    • Recommend control enhancements to ensure risks remain within our appetite
    • Liaise with the ICO


    • Experience as an IT Risk manager, IT risk specialist, or information technology auditor
    • Management experience in Information Technology functions
    • Knowledge of security frameworks such as ISO 27001 or PCI DSS
    • Experience in financial services would be advantageous 

We are committed to equality of opportunity for all staff and applications from individuals are encouraged regardless of age, disability, sex, gender, sexual orientation, pregnancy and maternity, race, religion or belief and marriage and civil partnerships.