Job description

  • Location:
    United Kingdom
  • Employee Type:
  • Department:
    IWI Operations Team
  • Division:
    IWI Compliance & Risk
  • Employment Type:
    Full time
  • Salary:

Operational Risk Manager - IT (5023)

We're one of the UK's leading investment management companies, with responsibility for over £40 billion of client assets. We've worked closely with clients and their trusted advisers for many years and gained a unique understanding of the specific needs of our clients.

Investec Wealth & Investment seeks to deliver exceptional levels of customer service and has been trusted to meet the needs of private investors for almost 200 years. But our eyes are focused on your future.

Right now we're a team of over 1400 dedicated professionals located across 14 sites in the UK. We're looking to strengthen our team and need you to come on board and make a difference.

Research shows that some candidates can be reluctant to apply to a role unless they meet all the criteria. We pride ourselves on our entrepreneurial spirit here and welcome you to do the same – if the role excites you, please don't let our person specification hold you back. Get in touch!

Team Description

The IW&I Operational Risk team is responsible for the development, implementation and maintenance of the IW&I operational risk management framework, policies and practices.

Specific responsibilities include:

  • Support and challenge senior management in meeting their responsibility for identifying and managing operational risk.
  • Engage with senior management on operational risk exposures and provide recommendations regarding mitigation.
  • Establish and promote an appropriate framework, policies and practices to identify, assess, measure, monitor and report operational risk.
  • Monitor the implementation of operational risk management and mitigation initiatives, including challenge and review of operational risk management practices.
  • Ensure that operational risk data is complete, accurate and timely.
  • Monitor emerging practices and stakeholder expectations and develop an appropriate response.
  • Facilitate the operational risk scenario assessment process.
  • Training and education of IW&I staff on relevant operational risk matters.
  • Ensure that relevant regulatory requirements are evaluated and complied with.
  • Escalate operational risk exposures to IW&I senior management and provide recommendations regarding mitigation.
  • Report to the IW&I Board or IW&I Board committees on the operational risk profile.
  • Prepare the relevant regulatory reports.

Description of role and key responsibilities

This role is responsible for second line of defence oversight of IT Risk, which includes:

  • Proposing appropriate risk appetite, ensuring appropriate risk appetite approvals through Board governance committees and monitoring IT Risk against stated risk appetite
  • Defining the IT Risk management framework (incl. Cyber) and policies
  • Defining IT Risk Management standards and incident response requirements
  • Maintain and run IT-related capital scenario / stress testing processes
  • Challenge implementation of the IT risk management framework, controls and policies by the first line
  • Assessing insurance needs based on risk appetite
  • Review and challenge risk identification, assessment and remediation within the first line
  • Identification of thematic risk exposures across the business
  • Monitor and analyse incident trends and work closely with the IT Risk team to understand the root causes and to track proposed remedial actions.
  • Monitor relevant regulatory obligations and peer/industry developments
  • Identify emerging technology and security risks
  • Assess external events to extract lessons learned and evaluate relevant internal controls
  • Produce Management Information packs which highlight key areas of IT risk.
  • Develop partnerships with colleagues across Compliance and Risk to promote risk management and compliance.
  • Build out relationships with peers within the Investec Group Operational Risk and Technology Risk teams.

Core skills and knowledge

Skills and how they are applied

  • Communication – engage with a wide range of colleagues and articulately discuss / write reports on various issues (verbal / written / presentation).
  • Challenge – ability to challenge multiple SMEs and management on a wide range of topics and risks.
  • Attention to detail – to pick up on errors and produce accurate work, with strong analytical capability
  • Organised – work to multiple deadlines yet maintain flexibility through the workday
  • Strong interpersonal and relationship management skills


To include

  • Information Security Standards such as NIST, ISO 27001
  • IT Risk Frameworks such as COBIT
  • Enterprise Risk Management


  • 2-3 years' experience of IT Risk Management

Investec specific knowledge and how it is applied

  • No Investec specific knowledge required

Changes in the market, products, legislation & regulation relevant to the business area

  • Awareness of changes in markets, products, legislation and regulatory bodies that could affect Investec Wealth & Investment


Meet the recruiter

Charmaine Bannerman



Private Medical Cover
Virtual GP
Gym Discounts
Psychologist Service
Annual Leave
Life Assurance