IT Risk Senior Consultant

Synechron is looking for an experienced Senior IT Risk Consultant to join our team and support the Head of IT Risk Management of a leading banking client based in London. In this role, you will coordinate EMEA regional reviews, support the implementation of a global Technology Controls Framework, and drive the evolution of IT risk appetite and tolerance statements along with the design and implementation of key risk indicators (KRIs).

You will act as a Subject Matter Expert (SME) on technology risk frameworks such as COBIT and NIST CSF, with strong knowledge of key technology risk regulations, including Operational Resilience and Privacy.

Role:

• Coordinate EMEA regional reviews and lead the implementation of the global Technology Controls Framework across the EMEA legal entities for our banking client
• Actively participate in technology controls program meetings, providing an EMEA regional perspective and working closely with regional technology process SMEs
• Review regional policies, standards, and processes in light of the evolving Technology Controls Framework and risk appetite statements to identify gaps or inconsistencies
• Provide SME guidance on technology risk, including risk and control frameworks including COBIT, NIST CSF, ISO 27001 and related frameworks
• Evaluate and interpret regulatory requirements relating to technology risk, operational resilience, and privacy within the banking sector
• Drive the evolution of IT risk appetite and tolerance statements, including the design and implementation of associated Key Risk Indicators (KRIs)
• Ensure that KRIs provide management with clear visibility into whether the organisation is operating within its stated risk appetite, and that there are well-defined escalation paths for breaches
• Track and manage the roadmap towards KRI implementation for key appetite statements
• Influence and collaborate with peers and stakeholders across the client’s technology organisation
• Prepare clear and impactful communications for senior leadership, translating complex risk concepts into business terms

Experience:

• Proven experience in technology risk management, ideally within the banking or financial services sector
• In-depth knowledge of IT control frameworks (COBIT, NIST CSF) and technology risk regulations (Operational Resilience, Privacy, etc.)
• Experience in designing and implementing risk appetite statements, tolerance levels, KRIs, and escalation processes
• Excellent communication skills, with the ability to engage and influence stakeholders, including senior leadership
• Strong ability to manage multiple projects and priorities effectively
• One or more of the following professional certifications is preferred: CISA, CISM, CISSP, CRISC, ISO 27001 Lead Auditor/Lead Implementor, CGEIT, ITIL, PCI DSS QSA, or relevant privacy certifications (e.g., CIPP/E, CIPM)

Location: London, hybrid working model (minimum 3 days per week in the office)

Diversity Statement

Synechron are proud to be an equal opportunity employer. Our Diversity, Equity, and Inclusion (DEI) initiative ‘Same Difference’ is committed to fostering an inclusive culture – promoting equality, diversity and an environment that is respectful to all. We encourage applicants from across diverse backgrounds, race, ethnicities, religion, age, marital status, gender, sexual orientations, or disabilities to apply. We offer flexible workplace arrangements, mentoring, internal mobility, learning and development programmes to support our global workforce.

Empowerment and collaboration are at the core of how we operate.

All employment decisions at Synechron are based on business needs, job requirements and individual qualifications, without regard to the applicant’s gender, gender identity, sexual orientation, race, ethnicity, disabled or veteran status, or any other characteristic protected by law.