We're Hiring: Operational Risk Manager Cyber & Resilience
Location: Remote, however Travel to Marlow, Bucks 1x a Month is required
Department: Risk
Hours: Monday - Friday 09:00-17:30
We’re looking for an Operational Risk Manager specialising in Cyber & Resilience to join our Risk team and provide second line oversight (2LOD) across cyber, technology and operational resilience risks.
This is a key assurance role, offering exposure to senior stakeholders and committees, where you’ll combine strong cyber and information security knowledge with practical risk management expertise.
You will act as a cyber risk subject‑matter expert within KMC Operational Risk, bridging technical cyber expertise and risk management, and supporting senior management and committees with clear, decision‑focused insight on cyber and resilience risk exposure.
Provide review** and challenge** of first line cyber, resilience and technology risk management activities.
Oversee cyber risk coverage within RCSAs, scenario analysis and operational risk assessments.
Assess control design and effectiveness across areas including:
- Cyber and information security
- Cloud and third party technology services
- Data protection, availability and resilience
Identify emerging and interconnected cyber risks, escalating where risk appetite may be threatened.
Provide second line oversight of cyber incidents, near misses and control failures, including root cause analysis and remediation.
Track and validate closure of significant cyber risk issues and audit findings.
Support the development and monitoring of risk indicators, thresholds and tolerances.
Partner closely with Operational Resilience teams to embed cyber risk into:
- Important Business Services mapping
- Impact tolerances
- Severe but plausible cyber scenarios
Produce high quality management information and reporting for senior forums, including executive committees and Board level packs.
Act as a risk business partner to selected areas, building strong collaborative relationships while maintaining independence.
Coach and support first‑line teams in improving cyber risk identification and documentation, while maintaining independence
Preparing regular and ad-hoc management information/reporting for various forums including Board and ERMC, reviewing reporting submissions prior to final submission.
- Strong experience in cyber security and operational risk
- Experience working in a heavily regulated environment
- Background in Risk, Audit or Compliance, with a solid understanding of risk and control frameworks.
- Ability to communicate complex technical topics clearly to non technical stakeholders.
- Confident, organised and detail focused, with the resilience to operate in a changing regulatory and technology landscape.
- Comfortable working independently while contributing to a close knit team.
- Strong working knowledge of Microsoft Excel and PowerPoint.
- Professional certifications such as CISA, CRISC, IRM or equivalent.
- Experience working with AI would be an advantage
At Kensington Mortgages, we believe our employees are the heart of our success. We are committed to creating a supportive and flexible work environment that values personal growth, professional development and a healthy work life balance
Our inclusive culture respects and celebrates diversity in all its forms, ensuring that everyone feels welcome, valued and understood. We recognise and appreciate differences in thinking, learning styles, gender, race, identity, ethnic origins and sexual expression.