The Vice President, Cyber & Technology Resiliency is responsible for advancing the firm’s global technology and cyber resilience capabilities across critical platforms, infrastructure and digital services supporting asset servicing, custody and investment management operations.

The role will help define and mature the Cyber & Technology Resiliency function, establishing strong collaboration across Global Technology Services (GTS), Global Cyber Security (GCS) and the Enterprise Resilience Office (ERO) to ensure the organisation can prevent, withstand, respond to and recover from technology or cyber disruptions affecting Important Business Services (IBS).

The individual will play a key role in strengthening resilience governance, embedding risk management disciplines, and improving transparency through meaningful metrics and reporting to senior leadership and regulators.

Key Responsibilities

1. Cyber & Technology Resilience Strategy

• Support the design and maturation of the firm’s Cyber and Technology Resilience framework, aligned with enterprise operational resilience strategy.

• Define standards and methodologies for resilience across:

  • infrastructure

  • applications

  • cyber defence capabilities

  • cloud and data platforms

• Ensure alignment with global regulatory expectations and industry frameworks.

• Contribute to the strategic roadmap for resilience maturity across technology domains.

2. Cross-Functional Integration (GTS, GCS, ERO)

• Act as a key integration point between:

  • Global Technology Services (technology infrastructure & engineering)

  • Global Cyber Security (cyber defence, threat monitoring)

  • Enterprise Resilience Office (IBS mapping, impact tolerances and scenario testing)

• Strengthen operating model alignment to ensure technology and cyber capabilities directly support Important Business Services resilience outcomes.

• Facilitate cross-functional working groups and governance forums to address systemic risks and resilience gaps.

3. Technology & Cyber Risk Management

• Identify, assess and track technology resilience risks impacting critical services and platforms.

• Support the development of risk mitigation strategies, including:

  • cyber attack scenarios

  • technology failure scenarios

  • cloud service disruptions

  • systemic vendor dependencies.

• Work with technology and cyber teams to embed resilience considerations in architecture, engineering and change management processes.

• Provide challenge and independent oversight of remediation plans

4. Scenario Testing & Crisis Preparedness

• Support design and execution of technology and cyber resilience scenario testing aligned to operational resilience frameworks.

• Develop severe-but-plausible scenarios covering:

  • ransomware

  • cyber-induced data integrity events

  • cloud provider failure

  • infrastructure outage

• Partner with crisis management and cyber incident response teams to ensure testing outcomes drive measurable improvements.

5. Resilience Metrics, MI and Reporting

• Develop and maintain resilience performance metrics covering cyber and technology capabilities.

• Produce executive-level reporting for:

  • senior technology leadership

  • enterprise risk committees

  • regulators

• Enhance the firm’s resilience reporting framework to provide clear insights into:

  • capability maturity

  • systemic technology risks

  • remediation progress.

6. Function Development

• Help shape and establish the Cyber & Technology Resilience capability within the Enterprise Resilience organisation.

• Define operating models, governance processes and roles across global teams.

• Promote best practices across regions and business units.

• Contribute to thought leadership on resilience within the organisation.

Key Deliverables

• Technology resilience maturity roadmap

• Integrated GTS / GCS / ERO operating model

• Cyber and technology scenario testing programme

• Global resilience risk register for technology

• Executive reporting dashboards on resilience capability

• Regulatory-ready documentation and evidence.

Stakeholder Engagement

Internal

• Global Technology Services leadership

• Global Cyber Security leadership

• Enterprise Resilience Office

• Technology Risk Management

• Business service owners

• Crisis management teams

External

• Regulators

• Industry working groups

• Strategic technology partners and cloud providers

Skills & Experience

Essential

• Experience in technology resilience, cyber resilience, technology risk or operational resilience within financial services.

• Strong knowledge of technology operating environments supporting asset management and custody businesses.

• Familiarity with regulatory frameworks including:

  • UK Operational Resilience

  • DORA

  • US regulatory expectations on resilience.

• Ability to translate complex technical risks into executive-level insights.

• Experience working across technology, cyber security and risk functions.

Desirable

• Background in technology infrastructure, cyber security or enterprise architecture.

• Experience supporting regulatory reviews or supervisory engagements.

• Knowledge of cloud resilience architectures and third-party risk.

Leadership Behaviours

• Enterprise mindset with strong cross-functional collaboration.

• Analytical and structured problem solving.

• Ability to influence senior technology and risk stakeholders.

• Clear communicator capable of simplifying complex resilience topics.

Success Measures

Short Term (12 months)

• Establish strong working model across GTS, GCS and ERO.

• Deliver enhanced technology resilience reporting and metrics.

• Identify and prioritise key technology resilience risks.

Medium Term (2–3 years)

• Demonstrate measurable improvements in cyber and technology resilience maturity.

• Embed resilience considerations into technology lifecycle and architecture.

• Deliver robust technology-focused resilience scenario testing.

Long Term

• Establish the organisation as a leader in technology and cyber resilience within the asset servicing sector.