Job Description

Head of IT Risk and Control Governance

About the Job

The Technology Risk team, which is part of the IT Department, supports over 200 different applications and a wide range of infrastructure operating systems and databases across London, NY and Asia and provides IT Risk and Control Governance, Identity and Access Management Governance and Cybersecurity support across the Firm.

What you'll be doing

This London-based Information Technology Risk role is within the IT department of a Global Investment Bank. The Head of IT Risk and Control Governance role is to provide IT risk and control governance services globally. This role is responsible for safeguarding bank's IT infrastructure and application estate, protecting bank's critical IT assets, and ensuring effective Technology governance practices.


Develop, maintain, and implement an IT Risk and Control governance framework aligned with industry best practices, regulatory requirements, and the bank's risk appetite. Write policies and standards, support gap analysis, conduct risk and control assessments, review and approve exceptions, and maintain risk registers. Manage the risk identification, control gap assessment, mitigation, and tracking of IT risks across the bank's technology landscape. Lead a team of IT risk and control governance professionals in conducting risk assessments, tracking control gaps, managing technology end-of-life and vulnerabilities, handling IT risk incidents, ensuring supplier security assurance, overseeing release management, and managing IT audits. Collaborate with other IT functions to integrate IT risk and control governance into all technology initiatives. Ensure effective communication with key stakeholders to maintain relationships between Application, Infrastructure, Architecture, and Technology Risk teams. Interact with compliance, operational risk, audit, and legal teams to understand and map corporate security and regulatory requirements to current capabilities. Implement measures, systems, and processes to protect the bank's intellectual property. Maintain and report relevant metrics to facilitate decision-making and inform stakeholders about key risks, incidents, and progress. Ensure compliance with laws and regulations to maintain a secure IT environment. Support the IT Risk Governance forum by organising meetings, preparing materials, and reporting.

What you'll need to be successful

Preferred University graduation with a degree in Business, IT or a related subject Information Security and/or Information Technology industry certification (CISSP, CISM, CISSP-ISSMP, CRISC or GIAC equivalent) strongly preferred. Prior relevant industry experience within the banking and /or financial services sector in an IT Risk Management or security role Experience in the identification, evaluation and documentation of policies, process and controls Experience working with international cross-functional teams fostering collaboration and team work. Prior experience with the management of key incidents/errors and the ability to synthesize data, conceptualise and get to the root cause of processes that created the risk. Experience working in a multi-vendor and outsourced IT environment. Experience in developing IS strategy and frameworks in a financial institution. Experience in Business Analysis and Business Case Management. Experience directly assessing and communicating risk exposures and developing risk mitigation plans.

Knowledge, technical skills and expertise:

Strong understanding of technology and life cycle development processes (SDLC, technology operations, business continuity, etc.). Process management Knowledge of COBIT and ITIL processes including change, incident and problem management. Knowledge of standard business processes including work prioritization and best practices. Good understanding of domestic and international banking industry Knowledge of ICBC Standard Bank Plc business, BU products, key clients, BU strategy and strategic issues. Knowledge of regulatory requirements of home markets e.g.

Data Protection Personal attributes:

Global mindset Resilience Client mindset Pays attention to detail Results-orientated High level of integrity

Why should you join us?

ICBC Standard Bank Plc (ICBCS) is a leading financial markets and commodities bank, driven to deliver the right outcomes for our stakeholders, clients, counterparties and markets. We benefit from a unique Chinese and African parentage and an unrivalled global network and expertise. We're headquartered in London, with operations in Shanghai, Singapore and New York.


We're a diverse and close-knit global team. We put people first, giving talented, self-driven professionals the flexibility, rewards and freedom to grow their expertise and realise their potential.


Our vison statement, "Be Yourself, Succeed Together" underpins our drive for an open and transparent culture which values difference, enabling everyone to thrive whilst being themselves. We have an active E, D&I forum and we're growing other employee network groups, including for women and neurodiversity.


We're committed to the principle of equal opportunities. All applicants will be treated equally and will be considered on their merits and skills without discrimination.

What's in it for you?

Financial market-based pay based on skills and experience, discretionary annual bonus, pension contribution 10% (employee contribution 5%), travel insurance, life assurance and income replacement insurance. Hybrid working the option to work remotely up to two days per week, depending on the role. Family - 6 months fully paid maternity leave and enhanced shared parental leave. Coaching for family leave returners and access to emergency care via My Family Care. Miscarriage and menopause policies. Wellbeing - private medical insurance, Bike2Work scheme, health and fitness subsidy, holiday exchange and an Employee Assistance Programme. Community paid volunteering leave and Give As You Earn scheme. Vibrant CSR and engagement forums and fundraising for our charity partners. Development a suite of opportunities to build the skills you need to excel in your role
If you're excited about becoming part of our team, get in touch. We'd love to hear from you!


ICBCS has appointed Robert Walters Outsourcing (RWO) to manage its recruitment process and Preferred Supplier List (PSL). Unsolicited CVs sent directly to ICBCS or its staff from non-PSL agencies will not be accepted and no fees will be paid for such submissions.