Back to Job Search

Operational Risk Manager - Cyber & Third Party Risk

  • Location: Manchester
  • Salary: c.£80,000 + Bonus + Benefits per year
  • Job Type:Permanent

Posted 10 months ago

  • Sector: Risk Management
  • Contact: Paul Sherlock
  • Contact Email:
  • Contact Phone: 0161 883 2746
  • Expiry Date: 16 October 2023
  • Job Ref: PS/10837

Our client is a leading and highly regarded Retail Bank who are looking to recruit within the firms highly successful 2nd line Operational Risk team. In this role you will assess, report and deliver cyber and third-party risk oversight in consultation with management to challenge, formulate and agree effective solutions to any identified shortfalls. You will work with colleagues across the 2nd Line of Defense and with senior management to assess the organisation’s risk profile; this includes providing an opinion on the risk maturity, performance against risk appetite measures and effectiveness of the control environment.

You will be responsible for monitoring, evaluating and challenging the ability of the First Line of Defense to identify, manage and report on cyber and third-party risks in line with internal standards and regulatory requirements and help embed a proactive risk culture, including providing relevant training and education as necessary. Support the Head of Operational Risk Oversight in the execution of their duties and appropriately represent them within the business in providing effective guidance, challenge, assurance and oversight.


  • Oversee and monitor cyber and third-party risks and controls across the Bank and provide early warning of adverse risk trends and emerging risks. This includes effectively analysing breaches, risk events, internal and external audit reports and second line compliance reports.

  • Work with key stakeholders across the Bank to implement operational risk best practice, ensuring the Risk Management Framework is understood and embedded. This includes management and treatment of current and emerging cyber and third-party risks.

  • Devise and execute a robust, risk-based cyber and third-party risk oversight programme, including continuous monitoring and thematic reviews and deep-dive assessments, with regular engagement across the three lines of defense.

  • Assess the Group’s cyber and third-party risk management capabilities including detection methods and ability to function through periods of change or disruption.

  • Ensure that first line management regularly reflect the risk profile in risk and control self-assessment (RCSA), in the risk register with appropriate actions set and tracked through to completion.

  • Provide oversight cyber and third-party Risk Acceptances, ensuring consistent and robust application and proactively following up with management on expiring risk acceptances.

  • Build strong partnerships with business leaders, control/audit/risk partners, First Rand to identify, mitigate and ensure operational risks are understood, appropriately remediated, governed, operationally and commercially balanced to enable strategic and regulatory outcomes.

  • Support stakeholders across the organisation to develop risk metrics and appetite thresholds, report on risk profiles, analysis, exposures, existing and emerging data risks.

  • Maintain up-to-date knowledge of operational risk-related regulatory legislation and provide insightful and meaningful reporting to the Executive Risk Committee, Board Risk Committee and other Risk/Management forums.


  • Expertise to enable credible and insightful challenge and oversight across the full range of operational and resilience risks. Experience in the oversight of cyber and third-party regulatory expectations.

  • Strategic insight and capability to identify and drive organisation preparedness for emerging threats.

  • Support the wider group risk teams to undertake ad-hoc activities related to the role as directed by line management.

  • Actively promote the risk culture through the business.

  • Ensure contribution to the team and colleagues.

  • Support training and awareness of operational risk across the Bank.