Head of Technology Vendor Risk Governance and Oversight Head of Technology Vendor Risk Governance and  …

State Street
in London, England, United Kingdom
Permanent, Full time
Be the first to apply
State Street
in London, England, United Kingdom
Permanent, Full time
Be the first to apply
State Street
Head of Technology Vendor Risk Governance and Oversight
Interested in engaging with the thought leaders driving technological innovation and transformation at a large financial services organization? Technology Business Controls supports the management and execution of IT Risk programs, leveraging new technologies, tools and best practices to drive automation, consistency and quality of results. Our focus is Regulatory Compliance, Risk and Control for all Technology Risks as part of the corporate First Line of the Defense our mission is to ensure that the risk in our environment is well understood and managed, with effective controls.

Summary Of The Key Purposes Of The Role

The main purpose of this role will be to manage:

  • Issues with end to end risk management, oversight & governance
  • Governance of all Technology Vendors - with risk based approach for monitoring and engagement
  • Governance of control deviations / gaps to ensure risks are in line with risk appetite
  • Governance and Validation of Audit Issues, and internal issues - end to end from remediation plan, control / design validation to implementation validation
  • Manage read across assessments of incidents / control gaps
  • Review and challenge Control Exceptions against Technology Control Objectives
  • End to End Management of Audit Issue Governance
  • Driving end to end remediation of Issues with effective reporting
  • Participate to global and regional committees
  • Drive control best practice and awareness
  • Follow-up on actions and help consolidation in global dashboards / scorecards
  • Business specific views of Impact of Transversal Audit Issues to their Business Units
  • Collaborate with functional risk managers and control assurance resources to ensure deliverables adequately represent all stakeholders


The successful candidate will have the experience, gravitas and confidence when briefing senior executives, to deputise for the Technology Business Control Executive in a range of committees. They will be the point lead for Technology Vendor Governance, driving validation of controls and governance. As well as driving regional and global engagement and alignment.

  • Graduate from engineering school or University, with a master degree in Information Technology.
  • Minimum of 10 years IT Risk Management / Audit and / or Security experience, at least 3 of which have been in a management role.
  • Risk Management experience within Financial Services is important
  • Knowledge of Risk analysis methodology
  • Knowledge of standards and best practices (e.g. COBiT, NIST)
  • Analytical and strong technical knowledge
  • Aptitude for learning new technologies
  • Proficient in Microsoft Office suite
  • Expertise in Vendor and Third Party Risk
  • Expertise in Cloud Assessments and Governance
  • Self-learning and training to ensure skills and knowledge are in-line with responsibilities
  • Excellent written and spoken communication skills
  • Very good team player with strong interpersonal skills
  • Openly shares knowledge with the team
  • Fluent in English
  • Experience preparing (or reviewed) SOC / third-party assurance reports