We are a leading trading platform that is ambitiously expanding to the four corners of the globe. Our top-rated products have won prestigious industry awards for their cutting-edge technology and seamless client experience. We deliver only the best, so we are always in search of the best people to join our ever-growing talent team.
We are looking for a dedicated individual to join our team at Capital.com as Technology Risk Manager!
Responsibilities:
- Assess the governance of risk management practices pertaining to the risk and controls of the technology assets and systems, adherence to policies, standards, and procedures.
- Evaluate the scope and potential impacts of proposed changes to technology systems, including software upgrades, infrastructure updates, and new application deployments.
- Conduct regular risk assessments for tech-specific areas like cybersecurity, cloud infrastructure, data management, software development, and incident response.
- Evaluate new technologies, third-party vendors, and digital transformation initiatives for potential risks and develop risk assessments for each.
- Developing Mitigation Plans for identified risks, work with technical and business teams to develop mitigation strategies that minimise the risk’s impact. This may include rollback plans, backups, or system redundancies.
- Coordination and key participation in the development of the evolving risk position of new technology and third-party software. For each of the technology areas in focus, this individual will be charged with escalating and tracking the individual risk items.
- Work with appropriate technology areas to identify potentially elevated risk concentrations globally and perform independent assessments of the corresponding inherent risks and mitigating controls. Recommend any adjustments required to meet firm’s policy, regulatory requirements, and industry best practices.
- Develop and perform ongoing analysis of operational risk loss, near miss and external events to inform RCSA results, technology assessments and scenario analysis.
- Establishes and oversees the application of operational risk policies, technology and tools, and governance processes to create lasting solutions for minimising losses from failed internal processes, inadequate controls, and emerging risks.
- Ensure adherence to FinT ech-specific regulatory standards, such as data protection, cybersecurity, and financial stability requirements.
- Work closely with compliance teams to interpret regulatory changes, assess their impact on technology risk, and adjust risk policies accordingly.
- Prepare and submit technology risk reports and findings for regulatory examinations and internal audits.
- Actively participate in technology incident response planning, helping to develop protocols for quick and effective resolution.
- Lead post-incident reviews to identify root causes, assess control failures, and work with teams to implement preventive measures.
- Facilitate lessons-learned sessions after incidents to improve future incident handling and risk mitigation strategies.
- Working with colleagues in the Risk division, as well as technology, business and other control functions. With the expectation to contribute to the oversight of technology failure risks.
- Manage identified risks using the firm's Risk Management Framework and underlying procedures.
- Conduct line of business-oriented risk assessment based on application, infrastructure, and platforms. Participate in key governance, steering groups and control forums.
- This role requires an energetic self-starter that can liaise with Engineering teams and business both regionally and globally. Experience and knowledge in working for a regulated fintech technology business
Requirements:
- 7-10 years of experience in Technology Risk, Technology Audit, Application Security, Software/Infrastructure Engineering, or related fields.
- Experienced in regulatory technology related examinations.
- Proven ability to perform test of controls (design and operating effectiveness) e.g. Cloud, SDLC, AI/ML, Change Management, Identity and Access Management, Third Party, Encryption, Configuration Management, Patching, Network Security, Incident Response, Capacity and Resiliency.
- Knowledge with technology application and infrastructure components such as Servers, Storage, Networking, Application Development, SDLC, End User Platforms, Digital Workflow, Artificial Intelligence & Machine Learning, Cloud technologies, Data Engineering, Mobile/Web, and Database Management systems.
- Ability to review code (Java, C#, C++, Python, VBA macros etc.)
- Systems development/SDLC tools and processes (SVN/CVS, build, software testing, configuration, and deployment)
- Cloud computing (Private, AWS, Google, Azure, Docker)
- Linux and Windows operating systems: security, configuration, and management
- Database design, setup, and administration (DBA) experience with Sybase, Oracle, or UDB
- Big data systems: Hadoop, Snowflake, NoSQL, HBase, HDFS, MapReduce
- Web and Mobile technologies, digital workflow tools● Site reliability engineering and runtime operational tools (agent-based technologies) and processes (capacity, change and incident management, job/batch management)
- Email, messaging, and collaboration systems (Office 365, Exchange, SharePoint, instant messaging)
- Strong understanding of technology control frameworks and industry guidance such as COBIT , NIST , ISO27001, and FFIEC.
- Professional certifications such as CRISC, CISA, CISM, CISSP , CCSP , and AWS Certified Solutions Architect.
- Experience in managing regulatory exams and relationships with examiners and auditors
- Ability to work collaboratively with regional and global partners in other functional units; ability to navigate a complex organisation; to influence and lead people across cultures at a senior level
- Excellent analytical and problem-solving skills, inquisitive nature and comfort challenging current practices.
- Proven track record of taking ideas forward without supervision and challenging others, where appropriate.
- Adapt at developing relationships with senior business executives with a reputation for partnering across organisation lines to mitigate risks.
- Highly disciplined, able to work with limited supervision and make independent decisions.
- Strong organisational, project management, and multi-tasking skills with demonstrated ability to manage expectations and deliver results.
- High level of professionalism, self-motivation, and sense of urgency.
- BA or BS College Degree in Engineering, Computer Science, and Risk Management.
Benefits:
- Competitive Salary
- 25 days annual leave
- Private Medical Insurance for you and your family, after the probation period
- Death In Service
- EAP
- Season Ticket Loan after the probation period
Be a key player at the forefront of the digital assets movement, propelling your career to new heights!
Join a dynamic and rapidly expanding company that values and rewards talent, initiative, and creativity.
Work alongside one of the most brilliant teams in the industry.