Technology Risk Management Associate
London, LND, GB, EC2M 2AT
SMBC: A trusted partner for the long term
Here at SMBC Group, we want to help you find the next step in your career so read on to discover if this opportunity is the one for you. We like to recognise potential in our people, so we welcome your application even when your experience doesn’t perfectly align with the job description. Whilst we’ll always strive to be better, we’re proud of our inclusive culture, and encourage our applicants and colleagues to be their authentic, unique selves.
Who we are
United by a sense of purpose towards our customers – to be a trusted partner for the long-term – and our universal banking platform in EMEA, SMBC Group has an international growth agenda and award-winning products, meaning we provide exciting opportunities to work on a diverse range of projects and initiatives. We deliver a full suite of corporate finance products and solutions to our customers as well as investment banking and advisory services, and a range of innovative solutions in global capital markets. Read on to find out how you could enhance your skills and gain valuable experience, by joining us to support our clients transition to a sustainable future.
Purpose of Job
The purpose of this role is to support the organisation’s technology risk management activities as part of the First Line of Defence. You will play an important role in helping the business identify, assess, and manage IT-related risks that could impact systems, data, and services. This includes assisting with the maintenance of governance records, monitoring compliance with internal policies and regulatory requirements, and supporting audit and assurance activities.
The role is designed to provide a strong foundation in technology risk management, offering opportunities to learn about risk frameworks, control environments, and regulatory standards. You will contribute to ensuring that IT systems remain resilient and aligned with best practices, while helping to embed risk awareness across the organisation. By supporting key processes and initiatives, you will develop technical knowledge and risk management skills that are essential for a career in IT governance and security.
Ultimately, this position helps strengthen the organisation’s technology resilience by ensuring risks are effectively managed and compliance obligations are met.
Business Area
This role sits within the Information Technology Services Division (ITSD) as part of the Technology Risk Management team. You will work as part of the Technology Risk Management team to support the delivery of the organisation’s technology risk strategy. The position is designed for individuals at the early stages of their career in IT risk, offering hands-on experience and exposure to key areas such as risk frameworks, audits, and governance processes.
As part of your responsibilities, you will contribute to embedding the technology risk framework across the organisation, ensuring that risks are identified, assessed, and managed effectively. You will assist in monitoring compliance with policies and standards, support internal and external audits, and help maintain governance documentation. This role plays a critical part in strengthening risk awareness and implementing controls that mitigate technology-related risks, ultimately safeguarding the organisation’s systems and data.
Position Description
Risk Register Monitoring: Update and maintain registers of risk events, incidents, audit findings, and exceptions, and track action plans to completion.
Technology Risk Taxonomy & Risk Register: Assist in identifying technology risks across hardware, software, networks, and information systems, and help maintain the Technology Risk Register.
RCSA Process: Support risk and control self-assessments by gathering data, documenting key risks and controls, and assisting with effectiveness reviews.
Controls Assurance Testing: Help with control testing activities, including tracking results and supporting oversight of control design and operation.
Continuous Controls Monitoring: Assist in implementing processes for ongoing and automated control monitoring and collect relevant data.
External Audit Liaison: Coordinate with auditors and internal teams to prepare evidence, schedule walkthroughs, and track IT SOX audit progress.
Internal Audit Liaison: Work with internal teams to support assurance reviews and internal audits by maintaining control documentation and tracking remediation actions.
Risk Acceptance and Exceptions: Assist in reviewing exception requests and updating records for non compliance with controls, standards, or policies.
Risk Scenario Analysis and Monitoring: Provide input and support for developing, testing, and documenting risk scenarios and remedial actions.
Emerging Risks: Help gather intelligence on operational and emerging risks, including regulatory changes, and assist in preparing monthly reports.
Technology & Intragroup Reporting: Prepare metrics and reports for inclusion in technology meetings, forums, and dashboards.
Risk Management Training: Support the planning and delivery of quarterly IT risk training sessions and maintain training records.
Knowledge and Experience
Attention to Detail: Meticulous attention to detail is crucial for accurately managing open audit points, helping to document audit actions, and accurately track and report on the status of management actions.
Organisational Skills: Strong organisational skills are necessary to effectively coordinate audit schedules, manage documentation, and prioritise tasks across the IT Department.
Time Management: Excellent time management skills are essential for managing multiple audit engagements, meeting deadlines, and ensuring the smooth progression of audit activities.
Communication Skills: Clear and concise communication skills are vital for effectively liaising with internal and external stakeholders, conveying audit-related information, and facilitating collaboration across the IT Department.
Analytical Skills: Strong analytical skills for analysing audit data, identifying trends, and generating insights to support audit reporting and decision-making processes within the Technology domain.
Adaptability: Ability to adapt to changing priorities, audit requirements, and work effectively in a dynamic and fast-paced environment.
Confidentiality: Demonstrated ability to handle sensitive information with discretion and maintain confidentiality in accordance with organisational policies.
Proficiency in Office Software: Proficiency in Microsoft Office Suite (Word, Excel, PowerPoint, Outlook) and other relevant software applications for document management, data entry, and reporting.
Technology Knowledge: ITIL and or COBIT knowledge is preferable. Work towards a detailed understanding of Technology and Cyber Risk frameworks (e.g. NIST / COBIT / ITIL)
Qualifications: Computer Science or STEM subject degree or equivalent experience is preferred.
Competencies
What we offer
For all the expertise and experience you bring to help us make a difference, it’s only sustainable if we support you to build your career and be your best self so we offer competitive company benefits, centred around promoting positive well-bring and work-life balance. We also believe in fostering a diverse and inclusive work environment, where all team members perspectives and contributions are valued. Initiatives in place which promote a diverse and inclusive culture and healthy work life balance include hybrid working, Sport & Social Clubs and Diversity and Inclusion networks.
As an employee of SMBC you have access to a host of both useful and exciting benefit offerings. See below some of the benefits on offer to you:
- Hybrid and flexible working
- Competitive paid leave days
- Benefits to support your physical wellbeing, including private medical insurance and life and invalidity insurance
- Various policies to support your mental wellbeing, including a robust behavioural health network with counselling and coaching services
- Access a wide range of learning and development opportunities and career progression opportunities
- Ambitious remuneration package
So, if you like a challenge and want to continuously grow and develop in a role where you will be supported along the way by a dynamic and diverse team, apply today!!
We recognise our role as a bank to support social change and welcome all applications, including those from groups often under-represented in financial services. We value the uniqueness of professional and personal, backgrounds and perspectives as they play a vital role in continuing the sustainable growth of our organisation. We’ll ensure reasonable adjustments to our recruitment process are offered due to a disability or long-term condition whenever requested.