Chief Risk Officer, Technology & Security

Role Description

The Global Risk and Compliance division (GR&C) exists to enable the FNZ Group to safely achieve its strategic objectives, protect value, and support the delivery of services and propositions to the quality our clients and regulators expect.

The Chief Risk Officer of Technology & Security is responsible for leading the second-line oversight of technology and security risk across the enterprise while serving as a strategic risk partner to the Group Head of Technology. This role ensures that technology and information security risks are effectively managed, aligning with the firm’s risk appetite and regulatory expectations while also providing proactive risk advisory support to the Technology division.

As a key member of both the Senior Risk Leadership Team and the Technology Senior Leadership Team, the CRO of Technology & Security will design and oversee the firm's global technology and cybersecurity risk framework to ensure resilience and regulatory compliance, challenge first-line risk management practices, and drive continuous improvement in risk resilience across the organization.

The CRO of Technology & Security leads the second line technology and security risk function responsible for overseeing technology and security risk management initiatives across jurisdictions, proactively identifying and mitigating emerging threats, and fostering a risk-aware culture throughout the organization.

The CRO of Technology & Security will work closely with executive leadership, regulators, and key stakeholders across regions and business units to ensure that technology and cybersecurity risk strategies support the firm’s strategic objectives while meeting evolving regulatory and threat landscape demands.  This role is critical to ensuring that technology and cybersecurity risks are managed proactively in an evolving digital landscape.

This role is ideal for a senior technology and security risk leader with a deep understanding of technology, digital, and AI-related risks and regulatory requirements for financial services organizations; a strong commitment to ethical leadership; thrives in a fast-paced, highly-matrixed global environment.

Specific Role Responsibilities

Strategic Leadership & Governance

• Develop and implement a comprehensive second-line risk management framework for technology and cybersecurity risks.

• Advise and collaborate with the Technology Division to establish policies, standards, and risk appetite statements related to IT, cybersecurity, data privacy, cloud, AI, and emerging technologies.

• Provide independent oversight and challenge to first-line risk management and control activities.

• Advise the Group CRO and executive leadership on key technology and security risk exposures and mitigation strategies.

Risk Assessment & Oversight:

• Partner with the Chief Information Security Officer (CISO), Chief Information Officer (CIO), and other senior executives to ensure robust risk management practices.

• Oversee cybersecurity, technology, and applicable third-party risk assessments to identify vulnerabilities and areas requiring mitigation.

• Collaborate with technology, security, and business leaders to provide assurance of design and operating effectiveness of technology and security controls, remediation strategies, and resilience measures.

• Oversee risk assessments for new technology, migrations, third-party partnerships, and AI-driven solutions, ensuring alignment with security and resilience objectives.

• Oversee threat intelligence, penetration testing, and security monitoring programs to ensure proactive risk identification and response.

• Drive business value by integrating risk insights into continuous improvement efforts and strategic technology initiatives.

Enterprise Resilience & Incident Response:

• Provide 2nd line assurance of robust business continuity, disaster recovery, and cyber incident response plans and testing.

• Partner with the Group Head of Technology, Group Head of Infrastructure, and Group CISO in crisis management efforts, rapid response to major cybersecurity incidents, data breaches and technology disruptions.

• Provide oversight and independent challenge to technology-related incident response, resilience and crisis management activities.

• Ensure post-incident reviews and lessons learned are effectively implemented to mitigate future risks.

• Evaluate and enhance business continuity and disaster recovery plans related to technology infrastructure.

• Advocate for resilience by design, overseeing security and risk management embeddedness into IT architectures, cloud deployments and digital transformation projects.

Regulatory & Industry Risk Oversight:

• Serve as trusted advisor and expert on emerging regulatory, cybersecurity, and technology risk trends impacting financial services, ensuring compliance with global standards such as DORA, NIS, GDPR, ISO 27001, SOC 2 and financial data security laws.

• Advise executive leadership on regulatory risks, cyber resilience, and operational risk management strategies.

• Partner with executive leadership on regulatory affairs, external audits, and external cybersecurity stakeholders; support responses to regulatory inquiries, security incidents and compliance assessments.

Governance, Reporting & Communication:

• Represent Global Risk & Compliance in senior leadership committees, including the Technology Risk Forum and relevant sub-committees.

• Provide regular reporting to the Group CRO, executive team and Group Board Risk Committee on IT/cyber risk trends and emerging threats.

• Develop and maintain key risk indicators (KRIs) and dashboards for technology and security risk oversight.

• Leverage data analytics, automation, and AI-driven insights to enhance risk monitoring capabilities.

Leadership & Development:

• Cultivate a global network of technology and security risk professionals, fostering a culture of innovation, resilience and operational excellence.

• Provide mentorship, training and development support for risk and security teams to strengthen enterprise-wide risk capabilities.

• Ensure Regional CROs and teams are aligned with the enterprise technology and security risk strategy and effectively managing local risk exposures.

• Provide oversight and guidance on global enterprise technology and security risk monitoring programs to ensure consistent risk management practices.

• Collaborate with Regional CROs to provide support, education and training to enhance technology and security risk awareness and competency.  

• Maintain deep knowledge of the regulatory and risk environments in which the organization operates, within the financial services industry.

• Provide enterprise technology and security risk consultancy to the wider organization.

• Serve as the policy owner for relevant enterprise technology and security risk management policies and procedures.

• Ensure that annual technology and security risk-based assessments and stress testing exercises are systematically carried out across the global enterprise.

Experience required

Qualifications:

• Education: Bachelor’s degree in information security, cybersecurity, risk management, computer science, or a related field.

• Certifications: CRISC, CISM, CISSP, CISA, or equivalent risk and security certifications.

Experience:

• 15+ years of experience in technology risk, cybersecurity risk, or enterprise risk management, preferably in a financial services or regulated industry, with at least 5 years in a senior or global technology risk leadership role.

• Deep knowledge of IT governance frameworks (e.g., NIST, ISO 27001, COBIT) and regulatory requirements (e.g., FFIEC, GDPR, DORA, SEC, OCC).

• Experience interacting with regulators, auditors, and board-level committees.

• Proven ability to lead and influence cross-functional teams and senior stakeholders.

• Proven track record of developing, implementing and managing enterprise-wide technology and security risk programs in a complex, multinational environment.

Leadership & Communication:

• Strategic thinking with strong business acumen.

• Ability to balance risk oversight with enabling business innovation.

• Strong analytical, communication, and leadership skills.

• Ability to manage complex, high-impact risk issues in a dynamic environment.

• Deep understanding of emerging technology risks, including cloud, AI, quantum computing, and supply chain vulnerabilities.

• Demonstrated ability to work in a matrixed organization and oversee cross-functional teams, manage multiple priorities and influence stakeholders across all levels. 

• Strong written and verbal communication skills, with the ability to simplify complex risk concepts for non-technical audiences. 

• High level of integrity, with a commitment to ethical conduct and the organization’s values. 

• Ability to articulate the commercial benefits of effective risk management and integrate risk insights into strategic planning. 

• Ability to build and maintain effective internal and external relationships. 

• Ability to analyse, present and report executive management information to senior stakeholders. 

• Effective communicator and influencer, sharing insight that translates technical concepts into clear and understandable language, listening to and encouraging active collaboration amongst stakeholders. 

• Flexible and resilient, with the ability to manage competing and changing priorities. 

• Strong people leadership experience in hiring, developing, promoting and retaining talent along with effective performance management of underperformers. 

About FNZ Culture

Our culture is what drives us. It's at the heart of who we are and everything we do. It's what inspires, excites and moves us forward. Our ambition is to create a culture for growth, one that opens up limitless opportunities for our employees, customers and the wider world. At FNZ we know that great impact is only possible with great teamwork.

That’s why we value the strength and diversity of thought in our global team.

The FNZ Way is the cornerstone of what we do. It is comprised of four values that set the standard for how everyone at FNZ interacts with each other, with our customers, and with all our diverse stakeholders around the world.

Customer obsessed for the long-term Think big and make an impact Act now and own it all the way Challenge, commit and win together

Read more about The FNZ Way and our values: www.fnz.com/culture

Opportunities

• Right from day one, you will work alongside exceptional, multicultural teams - experts in their respective fields - who will inspire and challenge you to make your greatest impact.

• Be part of a highly successful, rapidly growing, global business that is leading the delivery of financial services via cloud computing and partners with some of the world’s largest companies;

• Working in a flexible and agile way that meets the needs of the business and personal circumstances;

• Remuneration, financial rewards and career advancement is based on individual contribution and business impact rather than tenure or seniority;

• We provide global career opportunities for our best employees at any of our offices in the UK, EU, US, Canada, South Africa and APAC.

#LI-VP1

About FNZ

FNZ is committed to opening up wealth so that everyone, everywhere can invest in their future on their terms. We know the foundation to do that already exists in the wealth management industry, but complexity holds firms back. 

We created wealth’s growth platform to help. We provide a global, end-to-end wealth management platform that integrates modern technology with business and investment operations. All in a regulated financial institution. 

We partner with over 650 financial institutions and 12,000 wealth managers, with US$1.5 trillion in assets under administration (AUA).

Together with our customers, we help over 20 million people from all wealth segments to invest in their future.