
Technology Risk Business Partner
Job Description
Role Purpose
The Group Technology Risk Business Partner provides dedicated and independent Second Line of Defense oversight, challenge and advisory support on technology risk across FNZ, ensuring technology-related risks are identified, assessed, managed and reported in line with the Group Risk Management Framework, risk appetite and regulatory expectations. This includes understanding and providing oversight of risks emerging from the increasing use of AI-enabled applications across the business.
Key Responsibilities
Business partnering, challenge & influence
- Act as the primary 2LoD business partner for technology risk across FNZ, covering platforms, products, services and third-party technology.
- Provide independent challenge to senior technology, security and delivery leadership on material technology risks and control effectiveness.
Risk assessment, governance & reporting
- Provide a 2LoD opinion to risk reporting to GERC and GBRCC and escalate major concerns and risks effectively and appropriately.
- Ensure technology risks are clearly articulated with linkage to business impact, customers, operational resilience and regulatory exposure.
- Lead the 2LoD view on technology risk assessments for material change initiatives and strategic technology programmes.
- Shape Group-level technology risk reporting, including executive and Board-facing narratives.
- Identify systemic technology risk themes and drive escalation and resolution through Group governance, including ICEBERG where required.
- Contribute to the development and continuous improvement of Group technology risk standards, metrics and guidance.
- Provide 2LoD oversight and challenge of operational resilience and vendor risk management for technology, Cloud and SaaS suppliers, co-owning the risk assessment approach with Procurement.
- Act as a peer to regional and local CROs and Business Partners, supporting consistent application of Group standards while respecting local execution.
- Provide 2LoD oversight and challenge for AI technology adoption and deployment, ensuring appropriate controls are embedded across the AI lifecycle.
- Lead independent risk assessment of AI use cases (including model, data, security, privacy and regulatory risks) and support effective AI governance, including clear accountability and escalation routes.
- Actively participate in relevant fora and committees to provide 2LoD input, challenge and insight on material technology risk matters.
Scope Boundaries
In Scope
- Independent 2LoD oversight, challenge and advisory support on technology risk
- Review and challenge of technology risk identification, assessment and control effectiveness
- Escalation and reporting of material technology risks through Group governance
Out of Scope
- Ownership or operation of technology systems, controls or remediation activities
- Day-to-day security operations or delivery execution
- Group CISO accountabilities and wider information security ownership (including security strategy, security operations, and ownership of security budgets, resources, tooling, architecture and implementation)
- Acting as a substitute for first line risk ownership or decision-making
Key Deliverables
- Regular technology risk reporting pack(s) and Board-ready narrative, highlighting material risks, trends, and control effectiveness.
- Documented 2LoD opinions and challenge outputs for key governance fora (e.g., GERC/GBRCC) on material technology risk topics and decisions.
- 2LoD technology risk assessments for material change initiatives and strategic programmes, including clear articulation of business impact and residual risk.
- Thematic analysis of systemic technology risk issues (incl. root causes and recurring control gaps) with recommended escalation routes and prioritized remediation expectations.
- Inputs to, and continuous improvement of, Group technology risk standards, metrics and guidance to support consistent assessment and reporting across regions.
- 2LoD input to vendor risk management for technology, Cloud and SaaS suppliers, co-owned with Procurement, including documented risk assessments and contract/control expectations for material vendors (and ongoing monitoring insights where required).
- 2LoD assessment and governance support for AI use cases, including documented risk assessments and confirmation of accountability, controls and escalation routes across the AI lifecycle.
Interaction with Regional and Local CROs and stakeholders
- Group CRO and Group Risk leadership – align on risk appetite and priorities, provide independent 2LoD insights on material technology risk themes, and support timely escalation and decision-making through Group governance.
- CISO and senior Technology leadership – provide constructive challenge on control design and effectiveness, agree expectations for remediation plans and timelines, and ensure technology risk considerations are embedded into strategic decisions and delivery plans.
- Delivery, Operational and other Group Risk Business Partners – collaborate to provide an integrated 2LoD view across risk types (e.g., operational resilience, third-party and conduct), share emerging themes, and coordinate consistent messaging and escalation across stakeholder groups.
- Regional and local CROs – act as a peer and escalation point on technology risk matters, support consistency of risk assessment and reporting, and enable local risk ownership by providing guidance aligned to the Group Risk Management Framework and risk appetite.
- Internal Audit and Compliance – maintain effective working relationships to support assurance activity, ensure clear traceability from issues to risk themes, and help coordinate responses to audit findings, regulatory queries and compliance requirements.
Experience and capability profile
- Extensive experience in technology risk, information risk or operational risk within a complex, regulated financial services organisation
- Proven ability to provide credible challenge to senior stakeholders and influence executive outcomes
- Strong understanding of technology risk domains including resilience, security, third-party risk and large-scale change
- Experience with vendor risk management and operational resilience, operating with third-party providers.
- Experience assessing and governing Artificial Intelligence (AI) use cases, including understanding model, data, privacy, security and regulatory risks across the AI lifecycle
- Demonstrated experience operating in a three lines of defence model, ideally in a senior 2LoD role
- Ability to distil complex technical risk into clear, business-focused and Board-ready insights
About FNZ
FNZ is committed to opening up wealth so that everyone, everywhere can invest in their future on their terms. We know the foundation to do that already exists in the wealth management industry, but complexity holds firms back.
We created wealth’s growth platform to help. We provide a global, end-to-end wealth management platform that integrates modern technology with business and investment operations. All in a regulated financial institution.
We partner with the world’s leading financial institutions, with over US$2.4 trillion in assets on platform (AoP).
Together with our clients, we empower nearly 30 million people across all wealth segments to invest in their future.