Lead Technology Risk Analyst

Lead Analyst, Technology Risk in Technology Office of the Chief Information Officer (OCIO)
Permanent, full-time
Flexible Working Options:
Flexible start and end times of the working day to assist with school run and other appointments.
A 50% in-office attendance requirement can be spread across the month to accommodate diverse working patterns
Working from abroad policy - short period (subject to approval and policy within the team)
Our modern, accessible office in the City Centre offers a supportive, flexible working environment. You'll work collaboratively with London-based colleagues in a hybrid model, with regular opportunities to travel into the London office to meet and connect together in person.



Discover what makes our Leeds office such a dynamic place to work by visiting our Leeds page for more details.



A typical day would start with reviewing any operational issues being reported to see if these are in new areas that haven't registered risk issues. The risk and audit team would meet at 10, allowing for school run commitments, for a cascade of information from the manager about projects (new and ongoing), new items of work focus coming, operational and audit concerns of senior Technology Directorate Management. The team would then discuss key control and risk issues of the different divisions within the directorate and any engagement information. At this time, we would also discuss progress on the development and deployment of our new risk operating model. You may then have a meeting as key risk contact with one of the divisions' Local Risk Control Officers to assist and advise on the management of their risk controls and remediation of any risk issues. If you are in the office, you may go to lunch with a colleague using the in-house catering facilities. In the afternoon you may be involved with a business risk committee meeting representing Technology risk oversight, focusing on their specific application services. This followed by continuing constructing / reviewing a report for one of the many regular risk governance meetings or perhaps taking a self-paced education module from our comprehensive training facility. You may then be meeting with one of the technology teams to understand new technology they are proposing to introduce as part of our key transition to a new Technology Directorate Operating Model or be having a one-to-one discussion with a colleague on enhancing our risk or audit management processes.
This role is focused on all aspects of technical operational service provision that the Technology Directorate supplies to our business for them to meet their operational and Bank objectives. This includes the full scope of risk considerations including skills, resources, finance and process. The role holder will need to have the technical understanding, from experience, to identify risk situations and confidence to challenge operational practices. You will have a textbook understanding of industry best practice of technology risk management and frameworks and are passionate about developing / running effective risk management. You will have good experience of the IT audit process, requirements and management of audit compliance work.
Experience in managing an organisation's technology operational risks for the full IT Delivery life cycle in a structured manner.
Expert level of understanding of operational risk principles, controls, processes, terminology and industry frameworks.
Experience of building effective working relationships with others and provide challenge where appropriate.
Practical experience of technical audits and processes, including requirements, evidence presentation, management responses and agreeing closure.
Good technical understanding of business drivers, IT architecture, constructs, interactions, processes and dependencies, using skills and knowledge to provide risk management consultancy to different functions within the Technology department.
Can provide effective translation of technical risk into business risk impacts and vice-versa.
Able to provide risk management requirements / opportunities for new and evolving ways of working e.g. cloud-based service provision, Agile ways of working, AI tools etc.
Analytical, with strong attention to detail and ability to analyse multiple data sources to identify and respond appropriately to risks.
Strong IT operational analysis and solution definition skills to assist in the identification of appropriate technical risk mitigation requirements.
Able to assimilate comprehensive requirements covering all aspects of IT to identify the wider risk picture, strategic risks and risk controls.
Able to maintain a directorate level viewpoint to ensure that the risk and audit interests of the Executive Director of Technology / CIO are fulfilled at all times.
Methodical, Proactive, tenacious, resourceful and flexible and able to work with enthusiasm in a changing and sometimes, time pressured environment.
Understanding of ITIL based service delivery and operations procedures
Good stakeholder management, interpersonal and influencing skills.
Good creation of structured documentation and reports and diligence in quality assuring the work of peers.
Capable of coaching and mentoring colleagues e.g. local risk representatives across the divisions.
Certified in industry recognised risk management methodologies such as COBIT, TOGAF, CRISC, CISA.
Project Management understanding if not a certified practitioner
Business case construction and financial management experience
The Technology Directorate of the Bank provides the technical services and solutions for the Bank to be able to deliver its mission to maintain monetary and financial stability.
The Office of the Chief Information Officer (OCIO) Division is one of several within the Technology Directorate. The Technology Risk and Audit Team (TRAM) sits within OCIO and provides risk and audit management for the operations of the Technology Directorate.
Overseeing the 1st line risk management of Technology's services, the TRAM team provides reporting to the Technology and the Bank's risk governance boards and to the 2nd line Bank wide risk management function. The TRAM team provides a risk operating model to ensure risks controls are identified, maintained for effectiveness and risk issues are captured, mitigation plans are effective and tracked to completion. TRAM also provides an audit management framework to ensure audits within the directorate are efficiently planned and executed and any findings are addressed in the timescales required.
The team members work closely with Technology colleagues and wider Bank risk stakeholders in a collaborative way to identify control weaknesses and opportunities for efficiency improvements, as part of our continuous improvement mandate.
We are currently building out a new Technology Risk Operating Model as part of a new Technology Directorate Operating Model. We are in an exciting period of change, with a new management structure, ways of working and new and expanding services being introduced to the Bank.
The Bank values diversity and inclusion - we want to reflect the society we serve better; We value all forms of diversity, including but not limited to age, disability, ethnicity, gender, gender identity, race, religion and sexual orientation. One way we support diversity and inclusion is through our staff run networks.
We are fully committed to having a diverse and inclusive working environment and are open to considering how the role might be carried out with flexible working.
Our Approach to Inclusion

The Bank values diversity, equity and inclusion. We play a key role in maintaining monetary and financial stability, and to do that effectively, we believe we need a workforce that reflects the society we serve.



At the Bank of England, we want all colleagues to feel valued and respected, so we're working hard to build an inclusive culture which supports people from all backgrounds and communities to be at their best at work. We celebrate all forms of diversity, including (but not limited to) age, disability, ethnicity, gender, gender identity, race, religion, sexual orientation and socioeconomic status. We welcome applications from individuals who work flexibly, including job shares and part time working patterns. For most roles where work can be carried out at home, we aim for colleagues to spend half of their time in the office, with a minimum of 40% per month. Finally, we're proud to be a member of the Disability Confident Scheme. If you wish to apply under this scheme, you should check the box in the 'Candidate Personal Information' under the 'Disability Confident Scheme' section of the application.



In addition, we also offer a comprehensive benefits package as detailed below:

~ Currently a non-contributory, career average pension giving you a guaranteed retirement benefit of 1/80th of your annual salary for every year worked. There is the option to increase your pension (to 1/65th) or decrease (to 1/105th) in exchange for salary through our flexible benefits programme each year. A discretionary performance award based on a current award pool.
~ An 8% benefits allowance with the option to take as salary or purchase a wide range of flexible benefits.
~26 days' annual leave with option to buy up to 12 additional days through flexible benefits.
~ Private medical insurance and income protection.

Employment in this role will be subject to the National Security Vetting clearance process (and typically can take between 6 to 12 weeks post offer) and the passing of additional Bank security checks in accordance with the Bank policy. Further information regarding the vetting and security clearance requirements for the role will be provided to the successful applicant, and information about how the Bank processes personal data for these purposes, is set out in the Bank's Privacy Notice.



The Bank of England welcomes applications from all candidates, but as a UK Visas and Immigration (UKVI) approved sponsor, we have a responsibility to comply with the Immigration Rules and guidance. As such, our ability to employ individuals who require sponsorship for immigration purposes is limited. Please apply online, ensuring that you complete your work history and answer ALL the application questions fully and in detail as your application will not be considered if all mandatory questions are not fully completed.