Be at the heart of actionFly remote-controlled drones into enemy territory to gather vital information.

Apply Now

Technology Risk & Controls Manager, 1st Line Controls

Bishopsgate
5 months ago
Applications closed

Related Jobs

View all jobs

Embedded Software & Controls Manager

Information Security Manager

Information Security and Compliance Manager

Penetration Tester

Security Engineer - Cloud / Soc 2 / ISO 27001

Governance, Risk and Compliance Associate

Join us as a Technology Risk & Controls Manager in a 1st Line Controls function

You’ll be a subject matter expert to our Technology stakeholders, in execution of our Enterprise Wide Risk Management Framework, guiding them and influencing them in key risk and control design decisions, in order to help them effectively manage their technology related risks and controls

You’ll enjoy a varied, fast-paced work environment, and you’ll gain valuable experience from a wide range of stakeholders across the organisation

What you'll do

As a Technology Risk & Controls Manager, 1st Line Controls, you’ll collaborate with a variety of technology stakeholders, and support them with their understanding and management of their risks and controls and apply effective risk management decisions.

In this key role, you’ll be a trusted advisor to our Technology stakeholders, they will seek your guidance and support on how to manage their day-to-day risks, controls and remediation plans, to remain compliant with our risk framework. This includes collaborating with other Business Controls Partners, franchises and functions to support our stakeholders with understanding the impact where a risk has materialised or a control weakness has been identified. You’ll also support and regularly engage with specialist technology stakeholders across NatWest Group, including second and third line of defence, and other relevant stakeholders.

We’ll look to you to provide support on risk framework execution as a Technology Risk and Control Subject Matter Expert, such as Risk and Controls Assessments, Control Design and Articulation, and Risk Policy Compliance, in relation to technology related risks for the relevant business areas. To do this, you’ll be working closely with the Control Testing team, Franchise & Function Control teams and second line Risk.

Additionally, you’ll:

Manage stakeholder relationships and support them with managing their risk, control and issues profile

Produce governance and risk committee packs for our stakeholders, analysing MI and providing check and challenge on risk appetite related to technology disruption, information security, operational resilience, change and external outsourcing

Provide guidance and support to our stakeholders around all aspects of our risk framework such as, identification of key controls, articulation of controls, drafting remediation plans, how their controls and issues are linked to business owned risks and assessments and support them with control testing failures identified by the Control Testing teams

Identify opportunities where our stakeholder’s controls can be simplified or automated, reducing the costs of operating controls

Monitor our stakeholder’s compliance to our risk standards, Sox testing requirements and other regulatory requirements, such as external outsourcing and use of cloud

Support our stakeholders in designing a cost-effective and automated controls environment that meets regulatory and policy expectations

The skills you'll need

To succeed in this role an understanding of financial crime or digital channels is necessary to enable informed discussions of risk. You'll also need knowledge of 1st line risk frameworks, IT General Controls, external outsourcing risks, including industry frameworks such as COBIT, CRISC and SOX are key.

We’re looking for a highly skilled individual with a proven ability to deliver high quality outcomes and experience of applying technology and where relevant, risk and control assessments in an operational and strategic context.

You’ll also have:

Comprehensive experience in 1st line risk management or audit

An understanding of control testing frameworks to support and guide our stakeholders

The ability to adapt to a fast-paced, changing environment where priorities shift rapidly

The ability to identify solutions to complex problems

The ability to communicate complex ideas and solutions to senior or challenging stakeholders

The ability to produce high quality deliverables and risk committee packs for our stakeholders

Subscribe to Future Tech Insights for the latest jobs & insights, direct to your inbox.

By subscribing, you agree to our privacy policy and terms of service.

Industry Insights

Discover insightful articles, industry insights, expert tips, and curated resources.

Jobs

Cyber Security Recruitment Trends 2025 (UK): What Job Seekers Must Know About Today’s Hiring Process

Summary: UK cyber security hiring has shifted from title‑led CV screens to capability‑driven assessments that emphasise incident readiness, cloud & identity security, detection engineering, governance/risk/compliance (GRC), measurable MTTR/coverage gains & secure‑by‑default engineering. This guide explains what’s changed, what to expect in interviews, & how to prepare—especially for SOC analysts, detection engineers, blue/purple teamers, penetration testers, cloud security engineers, DFIR, AppSec, GRC & security architecture. Who this is for: SOC & detection engineers, security operations leads, DFIR analysts, penetration testers/red teamers, purple teamers, AppSec/DevSecOps engineers, security architects, cloud security engineers, identity/IAM engineers, vulnerability managers, GRC/compliance specialists, product security & security programme managers targeting roles in the UK.

Jobs

Why Cyber Security Careers in the UK Are Becoming More Multidisciplinary

Cyber security used to be viewed primarily as a technical discipline: firewalls, encryption, intrusion detection, penetration testing. In the UK today, it’s far broader. Organisations now face complex legal frameworks, ethical dilemmas, human-behaviour risks, communication challenges & usability hurdles. This shift means cyber security careers are becoming more multidisciplinary. From protecting NHS patient records to defending financial services, securing supply chains & safeguarding national infrastructure, cyber security now touches every sector. Employers increasingly want professionals who understand law, ethics, psychology, linguistics & design alongside traditional technical skills. In this article, we’ll explore why UK cyber security careers are expanding in this way, how these five disciplines shape the profession, and what job-seekers & employers need to know to thrive in this new landscape.

Jobs

Cyber Security Team Structures Explained: Who Does What in a Modern Cyber Security Department

Cyber security has become a top priority for UK organisations of all sizes. From small businesses to financial institutions, healthcare providers, and government bodies, the risk of cyber attack is now a constant concern. Threats are more sophisticated, regulations more demanding, and customers more aware of data privacy than ever before. But defending against cyber threats isn’t simply about having the right tools — it’s about having the right team. A modern cyber security department relies on clearly defined roles and responsibilities to ensure that defences are proactive, incidents are managed swiftly, and compliance is maintained. This article explains the structure of a modern cyber security team, the roles you’ll typically find within it, how they collaborate, and what skills, qualifications, and salaries are expected in the UK job market.

🍪 We use cookies to enhance your browsing experience on our website. By continuing to use this site, you consent to the use of cookies as described in our Cookie Policy. You can review our Cookie Policy for more information.