
Head of Technology & Information Security Risk (2LoD)

Other

Full Time
Employer Listing
IT

Are you ready to lead the 2nd line of defence for technology and information security risk in a multi-region bank, shaping secure cloud architecture and governance? Can you translate complex security risk into clear, actionable guidance for senior stakeholders and the Board?

Join Investec's IBP Operational Risk team as the Head of Technology & Information Security Risk (2LoD), where you'll lead the governance and ongoing evolution of our technology risk framework. You'll oversee risk across on‑prem, cloud, and AI initiatives, ensuring secure, scalable, and cost‑effective architectures that align with regulatory expectations and the Board's risk appetite. You'll partner with senior stakeholders across IT, security, audit, and business lines to embed risk discipline, drive improvements, and uplift the organisation's Tech Risk maturity and posture.

What you'll be doing

- Define, govern and continuously improve the Technology & Information Security Risk framework for IBP, ensuring alignment with regulatory standards and the Board's risk appetite
- Lead independent risk assessments of technology systems (applications, infrastructure, third parties), including risk articulation, control effectiveness, residual risk, and follow‑up actions
- Oversee risk reporting tailored to management and Board audiences, ensuring clear escalation pathways and governance
- Provide guidance on risk events, ensuring timely, accurate business impact assessments and robust follow‑up actions
- Review third‑party exit strategies and resiliency plans, evaluating their adequacy for potential disruptions
- Track risk mitigation plans, ensure evidence of closure, and validate remediation only when fit for purpose
- Monitor forward-looking risks and emerging themes to help the Technology community anticipate and respond to changes
- Act as a trusted advisor to the broader community, promoting a strong risk culture and compliance with training initiatives
- Collaborate with Internal Audit and other risk functions to ensure audit readiness and consistent risk management practices

What we're looking for

- Extensive experience in a financial institution or regulated environment with a strong track record in 2LoD technology risk management
- Demonstrated ability to challenge 1LoD risk decisions and drive risk-based outcomes autonomously
- Deep technical understanding of Cloud, APIs, DevOps, AI, and SDLC; knowledge of Azure/AWS/GCP is advantageous
- Professional certifications such as CISSP, CRISC, CISA, CISM (or equivalent) are preferred
- Excellent stakeholder management, communication, and influencing skills; proven ability to mentor and uplift teams
- Strong analytical capability, risk assessment and governance experience, with a pragmatic, collaborative, and outcomes‑driven mindset
