CTO Head of Risk And Controls
Role details
Job location
Tech stack
Job description
The CTOi Head of Control Operations owns the control environment across CTO Infrastructure (CTOi) and evolves how controls are managed through proactive and data-based oversight. This role represents CTOi across key risk and control forums including the Technology RCMM chaired by the GCIO. You'll partner with senior stakeholders across technology and the wider business to strengthen the technology risk and control framework and improve how issues are identified and addressed. The remit spans information security, infrastructure, applications and vendor management in a highly regulated environment. You'll oversee a direct organisation of 170 people and manage an associated budget of USD 15m. Success means clearer control ownership, faster identification and closure of gaps and measurable improvements in control effectiveness and reporting.
What you'll be doing
- Own controls across CTOi and set a proactive, data-based approach to controls management and transformation
- Represent CTOi at risk and control forums including the Technology RCMM chaired by the GCIO
- Develop and maintain the technology risk and control framework aligned to enterprise risk strategy and regulatory requirements
- Establish policies and procedures across technology risk and control including disaster recovery, incident response and risk and security awareness training
- Identify and assess technology risks across information security, infrastructure, applications and vendor management
- Implement risk mitigation strategies and controls in partnership with technology teams and key stakeholders
- Monitor and report control effectiveness including the identification and resolution of control deficiencies and gaps
- Coordinate with operational risk, compliance and internal audit to manage technology risks in an integrated and consistent way
Requirements
- Bring substantial experience building and running technology risk and control frameworks in a regulated environment
- Demonstrate experience shaping policies and procedures for disaster recovery, incident response and security and risk awareness
- Show proven capability identifying and assessing technology risks across information security, infrastructure, applications and third-party providers
- Evidence delivery of effective risk mitigation strategies and control improvements with measurable outcomes
- Bring experience monitoring control performance, reporting to senior governance forums and closing control gaps
- Demonstrate strong stakeholder partnership across technology and business leadership including executive-level forums
- Show experience coordinating with second line risk functions, compliance and internal audit to align risk outcomes
- Bring experience managing budgets and resources for risk and control initiatives and working with vendors and partners