Technology & Cyber Risk Manager

Technology & Cyber Risk Manager

Shift Pattern:

Standard 40 Hour Week (United Kingdom)

Scheduled Weekly Hours:

40

Corporate Grade:

D - Assistant Vice President

Reporting Line:

(UK Division) Risk - 2nd Line

Location:

UK-London

Worker Type:

Permanent

About the London Metal Exchange

The London Metal Exchange (LME) is the world centre for industrial metals trading. Most of the world's global non-ferrous futures business is conducted on the LME's three trading platforms totalling $18 trillion, 178 million lots and 4 billion tonnes with a market open interest high of 1.8 million lots in 2024.

The metals community uses the LME, an HKEX Group company, as a venue to transfer or take on price risk, as a physical market of last resort and as the provider of transparent global reference prices.

Overall Purpose of Role:

The Technology & Cyber Risk Manager is responsible for supporting the Head of Technology & Change Risk in the development, maintenance and oversight of the technology, information security / cyber, change and data risk frameworks and associated risks, ensuring the employment of adequate controls and risk reporting. They are responsible for developing and evaluating the overall technology and cyber risk landscape and the potential impact to the London Metal Exchange (LME) Group's operational resilience.

The Technology & Cyber Risk Manager will work closely with the rest of the LME Group Risk Management department, and collaboratively with the Hong Kong Exchanges Group (HKEX) parent company, to design and establish robust 2nd Line monitoring, oversight and assurance processes. They will provide risk guidance and support to the 1st line and assist the Technology functions and broader departments in the identification, assessment, treatment, monitoring and reporting of their technology and resilience risks.

The role supports the delivery and implementation of the wider Enterprise Risk Management Framework (ERMF) for the LME Group.

Responsibilities:

• Work with 2nd line of defence colleagues to facilitate delivery of the technology risk and operational resilience elements of LME's ERMF.

• Work closely and cooperatively with the 1st , 2nd and 3rd line teams to ensure that technology risks are identified, assessed, reported, and managed appropriately.

• Help to develop and maintain reporting of the technology, cyber, data and change key risk indicators (KRIs) in line with the wider LME Group risk appetite statements.

• Lead 2nd line oversight of internal technology incidents and have an active involvement in any post incident reviews.

• Working with the cross functional teams to develop and implement the Technology Risk & Control Self-Assessment process to identify and assess key risks/internal controls.

• Participate in key technology projects and change initiatives to bring pro-active risk management focus into the final delivery and solutions. Support signature projects by conducting risk and control assessments.

• Support LME Group maturity projects to enhance operational resilience risk management.

• Assist in producing the relevant technology risk reports for both LME and HKEX management and the various Risk, Audit and Technology Governance Committees, as required.

• Work with the HKEX Group colleagues to ensure the consistency of the LME technology risk programme with Group policies and procedures. Maintain the LME Group policy and processes, working with colleagues in Hong Kong and London.

Academic and Professional Qualifications Required:

• ITIL Foundation, CISA, CISM, CISSP, CRISC or equivalent IT/Technology/Information Security qualification is desirable but not essential.

• Risk Management qualification is desirable, but not essential.

Required Knowledge and Level of Experience:

• Experience in the IT/Technology/Information Security risk management and/or IT Audit domains or have operated equivalent related activities within the financial industry.

• Understanding and experience of complex Technology systems and industry Operational Resilience regulations.

• Understanding of the current and future Technology risks.

• Worked in a technical role, delivering / operating Technology systems, desirable but not essential.

• Executed Technology risk oversight for change activities, desirable but not essential.

• Ideally, the successful candidate will have experience of working within an Exchange and/or Clearing House - desirable, but not essential.

The LME is committed to creating a diverse environment and is proud to be an equal opportunity employer. In recruiting for our teams, we welcome the unique contributions that you can bring in terms of education, ethnicity, race, sex, gender identity, expression & reassignment, nation of origin, age, languages spoken, colour, religion, disability, sexual orientation, and beliefs. In doing so, we want every LME employee to feel our commitment to showing respect for all and encouraging open collaboration and communication.

---