FreeHire

Schroders

Senior Manager, Cyber & Technology Risk

Show

Who we’re looking for

We are looking for an experienced cyber and technology risk professional with strong technical skills combined with the ability to communicate with and influence both technical and non-technical senior management.

About Schroders

We’re a global investment manager. We help institutions, intermediaries and individuals around the world invest money to meet their goals, fulfil their ambitions, and prepare for the future.

We have around 6,000 people on six continents. And we’ve been around for over 200 years but keep adapting as society and technology changes. What doesn’t change is our commitment to helping our clients, and society, prosper.

The base

We moved into our new HQ in the City of London in 2018. We’re close to our clients, in the heart of the UK’s financial centre and we have everything we need to work flexibly.

Team Overview

The Non-Financial Risk function is comprised of several key teams:

  • Operational Risk

  • Cyber &Technology Risk

  • Operational Resilience & Business Continuity

The Cyber & Technology Risk team operates as part of the second line of defence, providing oversight across Schroders. This team develops and maintains the tools and frameworks necessary for overseeing cyber and technology risks. It collaborates closely with Global Technology, Information Security, and first-line business units to ensure such risks are clearly defined, assessed, managed, and reported.

Key responsibilities include:

  • Overseeing cyber risks via the Information Security Risk Oversight Committee and through review of KRIs and KCIs.

  • Collaborating with information security teams to ensure effective articulation, assessment, and management of cyber risks.

  • Providing oversight of technology risk through risk control assessments and engagement on strategic technology initiatives.

  • Monitoring cyber and technology-related risk events to ensure thorough root cause analysis and appropriate remediation.

  • Providing oversight of key cyber and technology initiatives

  • Undertaking targeted reviews of key areas of cyber risk.

What you'll do

Primary responsibilities include:

  • Provide technical 2nd line oversight of Cyber and Technology, ensuring risks are identified and escalated to appropriate senior stakeholders. Work with the 1st line to improve their controls and improve risk management.

  • Facilitate the ongoing effectiveness of the Information Security Risk Oversight Committee (ISROC) as the primary governance forum for overseeing the management of Cyber Risk across the Group by:

  • Using a risk based approach to help identify appropriate topics for inclusion on the agenda;

  • Ensuring high quality submissions are provided as requested;

  • Ensuring senior stakeholders are fully briefed on key topics prior to the committee; and

  • Providing direct challenge to first line senior management at the committee when required.

  • In response to requests from senior management or governance committees (including the Group Risk Committee and ISROC) undertake risk-based reviews of key cyber security and technology processes and controls. Ensuring that findings are appropriately risk assessed and management identify appropriate plans to mitigate the risk.

  • Develop strong and effective working relationships across all 3 lines of defence to facilitate effective identification, management and remediation of cyber and technology risks.

  • Review and interpret Red/ Purple Team test results identifying key messages and being able to articulate them to non-technical audiences via briefings.

  • Demonstrate strong understanding of what are effective response and recovery strategies for cyber incidents.

  • Apply insights from experience within leading financial services firms to drive enhancements across cyber and technology risk.

  • Draft entity board-level reports for senior leadership and governing bodies.

  • Present confidently at governance committee meetings, when required.

The knowledge, experience and qualifications you need

  • Degree-level education (or equivalent relevant experience).

  • Significant, demonstrable experience in technology and cyber risk within a control/risk environment (e.g., Internal Audit, 1st Line or 2nd Line Risk/Control).

  • Strong hands-on technical understanding of cyber risk, including key security domains, common control frameworks, and how to assess control effectiveness.

  • Experience within Financial Services, ideally asset or wealth management, with an understanding of regulatory expectations and risk governance.

  • Excellent written communication and attention to detail, with the ability to produce clear, accurate, audience-appropriate reporting (including senior and non-technical stakeholders).

  • Strong analytical and problem-solving skills, able to interpret complex information, identify root causes, and form sound risk-based judgements.

  • Strong stakeholder management and influencing skills, with a collaborative, team-oriented approach and confidence to provide robust challenge where needed.

The knowledge, experience and qualifications that’ll help

  • Professional certifications information security/technology risk (e.g., CISA, CISM, CISSP or equivalent).

  • Knowledge of asset or wealth management products, operating models and technology landscape.

  • Consulting/Big Four experience, including delivering risk assessments and presenting findings to senior stakeholders.

  • Experience in a 1st line technology or cyber security function, partnering closely with engineering/security teams.

  • Broader banking experience (investment or retail) in a 1st or 2nd line technology/cyber risk capacity.

We recognise potential, whoever you are

Our purpose is to provide excellent investment performance to clients through active management. Diversity of thought, facilitated by an inclusive culture, will allow us to make better decisions and better achieve our purpose. This is why inclusion and diversity are a strategic priority for us and why we are an equal opportunities employer. You are welcome here, regardless of your age, disability, gender identity, religious beliefs, sexual orientation, socio-economic background, or any other protected characteristic.