Technology Risk Business Partner
External | Contract | On-site | 2w ago
Information Security, Leadership, Risk Management
Responsibilities
- Business partnering, challenge & influence
- Act as the primary 2LoD business partner for technology risk across FNZ, covering platforms, products, services and third-party technology.
- Provide independent challenge to senior technology, security and delivery leadership on material technology risks and control effectiveness.
- Risk assessment, governance & reporting
- Provide a 2LoD opinion on risk reporting to GERC and GBRCC, and escalate major concerns and risks effectively and appropriately.
- Ensure technology risks are clearly articulated with linkage to business impact, customers, operational resilience and regulatory exposure.
- Lead the 2LoD view on technology risk assessments for material change initiatives and strategic technology programmes.
- Shape Group-level technology risk reporting, including executive and Board-facing narratives.
- Identify systemic technology risk themes and drive escalation and resolution through Group governance, including ICEBERG where required.
- Contribute to the development and continuous improvement of Group technology risk standards, metrics and guidance.
- Provide 2LoD oversight and challenge of operational resilience and vendor risk management for technology, Cloud and SaaS suppliers, co-owning the risk assessment approach with Procurement.
- Act as a peer to regional and local CROs and Business Partners, supporting consistent application of Group standards while respecting local execution.
- Provide 2LoD oversight and challenge for AI technology adoption and deployment, ensuring appropriate controls are embedded across the AI lifecycle.
- Lead independent risk assessment of AI use cases (including model, data, security, privacy and regulatory risks) and support effective AI governance, including clear accountability and escalation routes.
- Actively participate in relevant fora and committees to provide 2LoD input, challenge and insight on material technology risk matters.
- Scope Boundaries
- In Scope
- Independent 2LoD oversight, challenge and advisory support on technology risk
- Review and challenge of technology risk identification, assessment and control effectiveness
- Escalation and reporting of material technology risks through Group governance
- Out of Scope
- Ownership or operation of technology systems, controls or remediation activities
- Day-to-day security operations or delivery execution
- Group CISO accountabilities and wider information security ownership (including security strategy, security operations, and ownership of security budgets, resources, tooling, architecture and implementation)
- Acting as a substitute for first line risk ownership or decision-making
- Key Deliverables
- Regular technology risk reporting pack(s) and Board-ready narrative, highlighting material risks, trends, and control effectiveness.
- Documented 2LoD opinions and challenge outputs for key governance fora (e.g., GERC/GBRCC) on material technology risk topics and decisions.
- 2LoD technology risk assessments for material change initiatives and strategic programmes, including clear articulation of business impact and residual risk.
- Thematic analysis of systemic technology risk issues (incl. root causes and recurring control gaps) with recommended escalation routes and prioritized remediation expectations.
- Inputs to, and continuous improvement of, Group technology risk standards, metrics and guidance to support consistent assessment and reporting across regions.
- 2LoD input to vendor risk management for technology, Cloud and SaaS suppliers, co-owned with Procurement, including documented risk assessments and contract/control expectations for material vendors (and ongoing monitoring insights where required).
- 2LoD assessment and governance support for AI use cases, including documented risk assessments and confirmation of accountability, controls and escalation routes across the AI lifecycle.
- Interaction with Regional and Local CROs and stakeholders
- Group CRO and Group Risk leadership - align on risk appetite and priorities, provide independent 2LoD insights on material technology risk themes, and support timely escalation and decision-making through Group governance.
- CISO and senior Technology leadership - provide constructive challenge on control design and effectiveness, agree expectations for remediation plans and timelines, and ensure technology risk considerations are embedded into strategic decisions and delivery plans.
- Delivery, Operational and other Group Risk B
Additional Information
Technology Risk Business Partner: Role Purpose
The Group Technology Risk Business Partner provides dedicated and independent Second Line of Defense oversight, challenge and advisory support on technology risk across FNZ, ensuring technology-related risks are identified, assessed, managed and reported in line with the Group Risk Management Framework, risk appetite and regulatory expectations. This includes understanding and providing oversight of risks emerging from the increasing use of AI-enabled applications across the business.