IT Risk & Controls Manager

Shawbrook is a new type of specialist financial services company, combining the relentless focus on customer service and innovation you would expect from a fintech with the expertise and certainty of a bank. Shawbrook is driven by a purpose to solve complex problems that unlock opportunity for its rapidly growing customer base of over 300,000 UK consumers and businesses.

Our success would not have been possible without our Team. Our people differentiate us from the competition through their deep sector knowledge, they are the life force of our business.

Join Shawbrook because you:

• Want to help us deepen our industry sector knowledge, combining technology alongside the best banking brains.
• Want to build a bank for the future and be part of our digital transformation journey that will enable customers & businesses to thrive
• Want to continue to grow professionally. We encourage you to grow and be the best version of yourself.
• Care about sustainability? We want to be better for our people, environment and society.
• Bring passion and enjoyment to your work. You’ll work hard but you’ll have fun too.

This is an exciting opportunity to join Shawbrook’s CTO function as a key member of the Technology Risk & Governance team. Reporting directly to the Director of Technology Risk & Governance, you will lead the first-line IT Risk & Controls function, shaping how technology risk is identified, managed, and embedded across the Bank.

This role offers real scope to innovate, optimise, and automate the way we manage technology risk. You’ll have the freedom to challenge the status quo, simplify complex processes, and introduce creative solutions that strengthen control effectiveness and drive continuous improvement.

Leading a small, capable team, you will act as a trusted advisor to senior technology leaders—balancing oversight with practical, hands-on delivery. You’ll play a pivotal role in ensuring Shawbrook’s technology control environment remains robust, well-documented, and aligned with the Bank’s risk appetite, regulatory expectations, and operational resilience objectives.

This is an opportunity for an experienced IT risk professional who thrives in a collaborative, forward-thinking environment—someone who can combine structure with curiosity and influence change through insight, not instruction.

Risk and Control Oversight

• Lead the first-line IT Risk & Controls function, providing proactive oversight, support, and challenge on all aspects of technology risk management.
• Manage the Technology Risk Register within the Bank’s GRC platform (AuditBoard), ensuring risks, controls, events, and issues are accurately recorded and regularly reviewed.
• Facilitate the twice-yearly Risk and Control Self-Assessment (RCSA) process, ensuring a robust and evidence-based evaluation of control design and operating effectiveness.
• Coordinate and maintain control testing plans, supporting design and operational effectiveness reviews across all technology domains.
• Ensure timely logging and management of risk events, control gaps, and policy non-compliance issues.

Governance and Reporting

• Own and manage the monthly Technology Risk Committee—setting the agenda, curating management information, and ensuring action tracking and escalation are effective.
• Support the preparation of technology input to Group risk forums and produce MI and thematic analysis for the CTO and CRO functions on key risk themes, performance trends, and control maturity.

Assurance and Audit Coordination

• Act as the central coordination point for technology-related audits, reviews, and regulatory returns (e.g., REP018, SWIFT, KPMG assurance).
• Track audit findings and management actions to completion, ensuring evidence is captured and remediation progress is monitored in AuditBoard.
• Support lessons-learned reviews following incidents or near-misses, ensuring improvement actions are defined and embedded.

Optimisation and Continuous Improvement

• Drive automation and data-led insights across risk management processes—simplifying reporting and enhancing transparency.
• Partner with control owners to identify opportunities to streamline evidence collection, improve efficiency, and strengthen control outcomes.
• Build and mentor a small team, fostering a culture of accountability, curiosity, and proactive problem solving within the first line.

• Significant experience in IT risk management or controls assurance within a financial services or similarly regulated environment.
• Strong understanding of technology and cyber risk concepts, including control frameworks (e.g., NIST, COBIT, ISO27001).
• Proven experience in using GRC tools (AuditBoard or equivalent) to manage risks, controls, and issues.
• Experience in automation of risk and control monitoring and MI production using tooling such as Power Automate, Power BI, AI LLMs etc.
• Familiarity with RCSA processes, risk event management, and risk appetite monitoring.
• Strong analytical and communication skills—able to translate complex risk data into clear, concise insights for senior stakeholders.

Your Wellbeing - We take your health and well-being very seriously by providing a range of benefits to give you and your family peace of mind. These include:

• Market leading family friendly policies such as access to our Maternity, Adoption and Paternity policies from Day 1 of your employment
• Free access to Headspace, a mindfulness & meditation digital health app
• Free access to Peppy digital health app that offers personalised support through fertility treatment becoming a parent or menopause
• EAP (Employee Assistance Programme) - Offering you support on a wide range of subjects including financial concerns, mental wellbeing and more general queries around family, work, housing and health
• Cycle to work scheme
• Discounts on gym membership
• Contributory pension scheme & death in service

Your Lifestyle - It’s important you strike the right balance between your work and personal life. We provide benefits to support you when at work and when you’re enjoying your leisure time.

• Minimum of 25 days holiday per year
• Option to buy or sell holiday days through our flexi-holiday scheme
• Discounts on gym membership nationwide
• Access to discounts on a range of high street and online brands
• Community support and charitable giving

Your Contribution - We’re focused on rewarding those that go the extra mile in helping us achieve our goals.

• Participation in our annual discretionary bonus scheme designed to reward your contribution to our success
• Proudly Shawbrook recognition scheme focused on recognising our role models and thanking our colleagues for a job well done