Technology Risk Manager
Mishcon de Reya, City of Westminster
Salary not available. View on company website.
- Full time
- Permanent
- Onsite working
Posted 1 week ago, 6 Jun
Closing date: not specified
Job ref: 43bb8bc817b84430a19954a02e85727c
Location ref: City of Westminster
Full Job Description
Are you passionate about enabling innovation safely in a highly regulated environment? We are seeking a Technology Risk Manager to join our Risk & Compliance function and operate as part of the First Line of Defence (1LoD) in protecting the firm against existing and emerging risks.

In this role, you will help the firm identify, assess, manage and report technology risks, including those relating to Data, AI and Operational Resilience, embedding pragmatic risk management into day-to-day delivery, operational processes and third-party relationships. You will partner closely with Technology, Information Security, Data, Legal, Compliance and business stakeholders to ensure that risk is understood, owned, and managed in line with the firm's risk appetite, supporting growth, client trust and the right regulatory outcomes.

The Risk and Compliance team is working closely with the Technology and Cyber teams at Mishcon de Reya to ensure colleague- and client-facing products and services are secure, resilient and well-governed. This role strengthens our ability to scale responsibly by ensuring risk management is embedded into how we operate and change globally. This role will report to the General Counsel.

Risk Leadership & Ownership
- Act as a risk partner supporting Technology leadership and teams to own and manage risks within their areas.
- Maintain a clear view of the firm's technology risk profile across Data, AI, Operational Resilience and Technology operations (e.g., infrastructure, cloud, applications, identity, endpoints, collaboration tooling). This includes maintaining a Technology Risk Register.
- Translate regulatory and internal requirements into practical controls and guidance, regularly assessing and reporting on the design and operating effectiveness of the control environment through controls validation.
- Promote a strong risk culture: "secure and compliant by design" while enabling pace and innovation.

Data Risk
- Work with the Technology Business Solutions, DPO and Data Governance teams to support effective management of data risks including:
  - Updating policies and minimum standards.
  - Independently validating the Data Governance Framework and assessing the design and operating effectiveness of key controls.
  - Assessing, reporting on and tracking risk mitigation plans where risks are outside appetite.

AI Risks and Responsible AI Enablement
- Help maintain and embed AI risk management for both internal and client-facing use cases, including:
  - Use-case/product risk assessments (privacy, security, bias/fairness, explainability, IP, confidentiality).
  - Approval pathways and guardrails for generative AI tools.
  - Model/solution lifecycle controls (testing, monitoring, change management).
- Support creation and maintenance of AI standards, playbooks and minimum control baselines aligned to the firm's risk appetite.

Cyber / Information Security Risk
- Partner with Cyber Security to ensure security risks are identified, documented and actively managed across teams (Technology, brand etc.).
- Assess and report on the design and operating effectiveness of security controls ensuring control failures are addressed on a timely basis and reported/escalated where necessary.
- Where applicable, assist with security risk acceptances: ensuring decisions are documented, time-bound, and include remediation plans.

Technology & Operational Resilience Risk
- Assess and report on risk management for technology operations, including:
  - Availability, resilience, backup and recovery of critical services
  - Capacity, obsolescence and technical debt
  - Change/release risk and service stability
- Contribute to business continuity and disaster recovery planning, testing and lessons learned.
- Monitor incident governance: capturing risk themes, root causes, control improvements and reporting.

Change, Delivery & Control-by-Design
- Help embed technology risk management into delivery lifecycles (Waterfall/Agile), including:
  - Project/product risk assessments and go/no-go decision support
  - Design reviews to confirm controls are considered early
  - Support for secure SDLC practices and control evidence capture
- Help define "minimum viable controls" that are proportionate to risk and practical for teams.

Third-Party / Supplier & Outsourcing Risk
- Working closely with Technology to support the assessment and ongoing oversight of technology suppliers, including cloud and SaaS vendors:
  - Due diligence, control requirements and contractual risk input
  - Ongoing monitoring (performance, incidents, compliance attestations)
  - Exit/portability and concentration risk considerations
- Maintain a view of material supplier risks and remediation actions

Governance, Reporting & Assurance Support
- Maintain and improve technology risk artefacts: risk registers, control libraries/universe, KRIs/KPIs, thematic findings and action plans.
- Provide clear reporting for Technology leadership and relevant governance committees.
- Support audits, second line reviews and regulatory requests by coordinating evidence and ensuring timely closure of actions.

Risk and Compliance work in collaboration with the business to ensure best practice across the Firm, effectively managing all aspects of the regulation surrounding the efficient running of the Firm. We are looking for someone with high attention to detail who prides themselves on providing excellent service.

Professional Experience:
- Proven experience in technology risk management or technology audit, ideally within a regulated or professional services environment.
- Demonstrable experience working in or alongside a Three Lines of Defence model, with an understanding of 1LoD responsibilities.
- Experience (depth and breadth) supporting risk management across multiple domains including data, AI, resilience, and Technology operations and change.

Domain Knowledge:
- Strong understanding of risk assessment techniques (inherent/residual risk, control effectiveness, action planning).
- Familiarity with control frameworks and assurance concepts (e.g., ISO 27001, NIST, COBIT, ITIL).
- Familiarity with UK regulations relating to the areas in scope for this role.
- Experience defining, embedding and monitoring controls, balancing pragmatism with robustness.

Leadership and Interpersonal Skills:
- Strong influencing skills to gain buy-in from stakeholders at all levels.
- Ability to navigate complex organisational dynamics and drive consensus.

Communication Skills:
- Exceptional verbal and written communication skills, with the ability to present complex ideas clearly and persuasively.
- Experience in presenting to boards, executive committees, and large audiences.
- Skilled in building and maintaining relationships with clients, partners, and internal stakeholders.

Personal Attributes:
- Passionate about innovation and driving change to enhance business outcomes.
- Open-minded and adaptable to new ideas and technologies.
- Strong focus on achieving goals and delivering measurable results.
- Ability to prioritize and manage multiple initiatives effectively.
- Commitment to the highest ethical standards and professional integrity.

The Mishcon de Reya Group is an independent, international professional services business with law at its heart, employing over 1400 people with over 650 lawyers. It includes the law firm Mishcon de Reya LLP and a collection of leading consultancy businesses that complement the firm's legal services. Mishcon de Reya LLP is based in London, Oxford, Cambridge, Singapore, Hong Kong and UAE. The firm services an international community of clients and provides advice in situations where the constraints of geography often do not apply.

The work the firm undertakes is cross-border, multi-jurisdictional and complex, centred around three increasingly entwined and connected sectors: the Innovation Economy, Private Wealth and Capital, and Real Estate. The firm is known as a disputes powerhouse with a formidable capacity firmwide for dispute resolution.

The Mishcon de Reya Group includes consultancy businesses MDR Discover, MDR Mayfair (in London, Singapore and Dubai), MDR ONE, and MDRi (in Hong Kong). The Group also includes MDR Lab, which invests in the most promising early stage legaltech companies as well as the Mishcon Academy, its in-house place of learning and platform for thought leadership. In 2024, the Group announced its first strategic acquisition in the alternative legal services market, flexible legal resourcing business Flex Legal. It also acquired a majority stake in Somos, a global group actions management business.

We strive to create a fully diverse and inclusive workplace where all our people are empowered to fulfil their potential. We are proud of our agile working culture and are always happy to talk flexible working.