Senior Director – Operational Risk, IT and Cyber risk


Full Time Senior-level / Expert
OakNorth logo


The ON Credit Intelligence Suite delivers commercial bank lenders instant credit analysis & real-time portfolio insights as dynamic as the market itself.

View all employer listings

Apply now Apply later

MissionWe are currently recruiting for a Senior Director, who will be responsible for providing ‘second line’ assurance of the operational resilience of the bank; overseeing an effective overall operational risk framework and a resilient and cyber-secure IT platform. This is an exciting and key role within our growing Risk & Compliance function, reporting directly to CRO. Successful candidates will have strong experience in designing operational risk frameworks and designing IT infrastructure and protective controls. This role will operate on a cross functional basis, and will involve liaising with Product and IT teams on a day to day and project basis.


  • Design and embed the Operational Risk Framework and support and oversee the Operational Resilience programme
  • Assist ‘first line’ in identifying and evaluating risk areas and vulnerabilities across all operational activities, and maintain the Risk Registers
  • Support the design and communication of robust Policies & SOPs across the business, including governance of the SOP forum
  • Design and drive the RCSA and CCRC process
  • Deliver operational risk analysis for ICAAP and ILAAP
  • Provide guidance and advice on the Bank’s IT Strategy and IT Architecture and review it from a ‘second line’ assurance perspective, in order to support the CTO, CISO, the Director Cybersecurity, and the Director IT Operations in the ‘first line’ who lead its development. The objective is to ensure its resilience, using up-to-date best practice
  • Review governance, policies, procedures, systems, tools and controls for IT operations and cyber security, to ensure their adequacy and effectiveness in protecting the Bank’s infrastructure and its data security
  • Provide assurance over design compliance with relevant standards, and maintain an independent assessment of the Bank’s overall maturity and status against the NIST, ISO27001 and CQUEST frameworks, and report regularly to senior management
  • Provide an independent view of existing and emerging threats and risks to the Bank, and overview the adequacy of cyber threat intelligence activity. Liaise with industry bodies as appropriate to undertake this
  • Manage an on-going programme of ‘second line’ assurance of IT resilience and cyber security, including independently monitoring and analysing data / MI on IT operations and activity, review of testing (such as Pen Testing) and controls over Outsourced Service Providers, including the Security Operations Centre service
  • Deliver on-going programme of Thematic Reviews of processes, business areas, and the IT infrastructure and cyber defences
  • Organise Operational and Cyber Risk training for Bank staff and the EXCO and Board
  • Report to EXCO, ERC and Board as part of the Risk team’s monthly and quarterly reporting

Required experience:

  • In-depth knowledge of operational risk management controls and methodologies such as RCSA and scenario modelling, and the regulatory framework applicable to this area including PRA and EBA regulation and guidance
  • In-depth knowledge of IT resilience and cyber security risk management controls and methodologies including ISO270001, NIST, CQUEST
  • Experience in current best practice in IT architecture design, cybersecurity, and data protection, and of the regulatory framework applicable to this area including PRA and EBA regulation and guidance
  • Successful candidates will ideally have previous financial services or banking experience
  • Able to adopt a business partnering mindset and approach, and partner with stakeholders in different parts of the business
  • Strong written and verbal communication skills 

Benefits & Perks:

  • Equity. We want people to have a stake in the business so that all our interests are aligned
  • 25 days holiday
  • Personalised benefits – opt-in to what matters to you
  • Enhanced family leave
  • Wellbeing and social events
  • Barista bar 
About UsWe’re OakNorth Bank and we embolden entrepreneurs to realise their ambitions, understand their markets, and apply data intelligence to everyday decisions to scale successfully at pace.  Banking should be barrier-free. It’s a belief at our very core, inspired by our entrepreneurial spirit, driven by the unmet financial needs of millions, and delivered by our data-driven tools. And for those who love helping businesses thrive? Our savings accounts help diversify the high street and create new jobs, all while earning savers some of the highest interest on the market.  But we go beyond finance, to empower our people, encourage professional growth and create an environment where everyone can thrive. We strive to create an inclusive and diverse workplace where people can be themselves and succeed. Our story OakNorth Bank was built on the foundations of frustrations with old-school banking. In 2005, when our founders tried to get capital for their data analytics company, the computer said ‘no’. Unfortunately, all major banks in the UK were using the same computer – and it was broken.  Why was it so difficult for a profitable business with impressive cashflow, retained clients, and clear commercial success to get a loan?  The industry was backward-looking and too focused on historic financials, rather than future potential. So, what if there was a bank, founded by entrepreneurs, for entrepreneurs? One that offered a dramatically better borrowing experience for businesses? No more what ifs, OakNorth Bank exists.  
For more information regarding our Privacy Policy and practices, please visit:

Tags: Analytics Banking Compliance Finance Governance ISO 27001 IT infrastructure Monitoring NIST Pentesting Privacy Risk analysis Risk management Strategy Threat intelligence Vulnerabilities

Perks/benefits: Startup environment Team events

Region: Europe
Country: United Kingdom
Job stats:  1  0  0
  • Share this job via
  • or

Other jobs like this

Explore more Cybersecurity career opportunities

Find open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Analysis, Cryptography, Digital Forensics and Cyber Security in general, filtered by job title or popular skill, toolset and products used.