Technology Risk Associate - CIO | SCIB

Technology Risk Associate - CIO | SCIB Country:
United Kingdom

Join our community.

Santander Corporate & Investment Banking (SCIB) is Santander's global division that supports some of the world's most complex and sophisticated corporate and institutional clients, offering customised services and value‑added wholesale products to best meet their needs.

As part of our ongoing commitment to operational excellence and resilience, we are seeking a Technology Risk Associate to strengthen our global technology risk and control framework.

The role will be pivotal in ensuring that technology risks within Santander CIB London Branch are effectively identified, assessed, managed, and reported across the CIB technology landscape. Working closely with IT, cybersecurity, operations, and the Non-Financial Risk (NFR) function, the Technology Risk Associate will help ensure Santander CIB London Branch meets its risk appetite and regulatory obligations while supporting innovation and digital transformation.

• Lead the identification, assessment, and ongoing monitoring of technology risks across infrastructure, applications, and digital platforms.
• Support the implementation of the CIB Technology Risk Framework in alignment with Santander Group’s global Non-Financial Risk (NFR) policies.
• Maintain the technology risk register, ensuring that risks are accurately documented, assessed, and escalated in line with governance processes.
• Prepare and deliver risk reporting and insights to Technology Risk Committees, senior management, and global control forums.

• Evaluate the design and effectiveness of IT controls, including access management, change management, system security, and data integrity.
• Partner with second- and third-line teams to support internal and external audits, ensuring findings are addressed with sustainable remediation plans.
• Conduct thematic reviews and deep dives into key risk areas.
• Monitor adherence to Santander Group’s IT Control Standards.

• Collaborate with the CISO and Operational Resilience teams to ensure technology resilience, continuity, and incident response capabilities are robust.
• Contribute to scenario testing, crisis simulations, and lessons‑learned exercises.
• Support compliance with regulatory expectations including EBA ICT Guidelines, DORA, and Bank of England’s Operational Resilience Framework (where applicable).

• Provide risk advisory input for technology projects and new initiatives, ensuring that risk assessments and control design reviews are conducted early in the delivery lifecycle.
• Support the adoption of emerging technologies (e.g., cloud, AI, data analytics) in a controlled and compliant manner.
• Foster a strong risk culture within Santander CIB London Branch through awareness sessions, training, and stakeholder engagement.

• Produce periodic dashboards and risk trend analyses for CIB senior management, highlighting emerging risks, control gaps, and remediation progress.
• Define and maintain key risk indicators (KRIs) and performance metrics to track risk appetite adherence and technology control maturity.

These are the essential requirements you need to be successful in this role:

• Experience in cloud risk management, data protection, or cybersecurity governance.
• Professional certifications such as CISA, CRISC, CISSP, ITIL, or COBIT.
• Experience in technology risk, IT audit, or operational risk management within a large financial institution.
• Strong understanding of IT governance and control frameworks (e.g., COBIT, ISO 27001, NIST, ITIL).
• Familiarity with regulatory frameworks applicable to EU/UK banking (e.g., EBA ICT Guidelines, PRA/FCA expectations, DORA, GDPR).
• Excellent communication and stakeholder management skills with the ability to influence and challenge effectively.

• Bachelor’s degree in Information Technology, Risk Management, or a related discipline.
• Knowledge of Santander’s Non-Financial Risk (NFR) Framework and Group control environment is advantageous.