IT Risk & Controls Manager
Full-time, Mid-Senior Level
Job Overview
This is an exciting opportunity to join Shawbrook’s CTO function as a key member of the Technology Risk & Governance team. Reporting directly to the Director of Technology Risk & Governance, you will lead the first-line IT Risk & Controls function, shaping how technology risk is identified, managed, and embedded across the Bank.
This role offers real scope to innovate, optimise, and automate the way we manage technology risk. You’ll have the freedom to challenge the status quo, simplify complex processes, and introduce creative solutions that strengthen control effectiveness and drive continuous improvement.
Leading a small, capable team, you will act as a trusted advisor to senior technology leaders—balancing oversight with practical, hands-on delivery. You’ll play a pivotal role in ensuring Shawbrook’s technology control environment remains robust, well-documented, and aligned with the Bank’s risk appetite, regulatory expectations, and operational resilience objectives.
This is an opportunity for an experienced IT risk professional who thrives in a collaborative, forward-thinking environment—someone who can combine structure with curiosity and influence change through insight, not instruction.
Risk and Control Oversight
- Lead the first-line IT Risk & Controls function, providing proactive oversight, support, and challenge on all aspects of technology risk management.
- Manage the Technology Risk Register within the Bank’s GRC platform (AuditBoard), ensuring risks, controls, events, and issues are accurately recorded and regularly reviewed.
- Facilitate the twice-yearly Risk and Control Self-Assessment (RCSA) process, ensuring a robust and evidence-based evaluation of control design and operating effectiveness.
- Coordinate and maintain control testing plans, supporting design and operational effectiveness reviews across all technology domains.
- Ensure timely logging and management of risk events, control gaps, and policy non-compliance issues.
Governance and Reporting
- Own and manage the monthly Technology Risk Committee—setting the agenda, curating management information, and ensuring action tracking and escalation are effective.
- Support the preparation of technology input to Group risk forums and produce MI and thematic analysis for the CTO and CRO functions on key risk themes, performance trends, and control maturity.
Assurance and Audit Coordination
- Act as the central coordination point for technology-related audits, reviews, and regulatory returns (e.g., REP018, SWIFT, KPMG assurance).
- Track audit findings and management actions to completion, ensuring evidence is captured and remediation progress is monitored in AuditBoard.
- Support lessons-learned reviews following incidents or near-misses, ensuring improvement actions are defined and embedded.
Optimisation and Continuous Improvement
- Drive automation and data-led insights across risk management processes—simplifying reporting and enhancing transparency.
- Partner with control owners to identify opportunities to streamline evidence collection, improve efficiency, and strengthen control outcomes.
- Build and mentor a small team, fostering a culture of accountability, curiosity, and proactive problem solving within the first line.