Contract type: Permanent
Hours: Full-time, 35 hours
Location: Head Office, Nottingham (Hybrid working, minimum 2 days per week)
Application process: Please apply via the application button, which will direct you to our careers site. If you require any adjustments to assist you in applying, please contact [email protected]
At Nottingham Building Society our talent acquisition approach is rooted in openness and inclusive hiring, so even if you don’t feel you tick every box, we’d still genuinely love to hear from you.
As a Cyber and Technology Risk Manager, you’ll operate as part of our second line of defence, providing expert oversight across our digital and technology transformation journey. You’ll play a pivotal role in ensuring the organisation remains secure as we modernise, offering robust risk assurance across information security, technology initiatives, major transformation programmes and change portfolios.
You’ll build strong relationships across the business and act as a trusted, influential voice on cyber and technology risk at all levels. With a focus on embedding smart technology solutions, you’ll help drive our strategic agenda while continuously enhancing our risk management frameworks and processes to protect the organisation now and in the future.
Here’s a taste of what you will be doing as a Cyber and Technology Risk Manager at Nottingham Building Society:
- Independent Risk Oversight: Deliver objective assurance over cyber and technology risks, using strong technical knowledge to assess controls, challenge effectively, and guide stakeholders.
- Strategic Transformation Support: Align with the digital strategy and roadmap to provide proactive risk insight, building trusted relationships across Technology & Transformation.
- Change Risk Management: Ensure risks are properly identified and managed throughout change initiatives by reviewing assessments and monitoring supporting controls.
- Incident Monitoring & Assurance: Oversee robust processes for tracking cyber and technology incidents, ensuring clear visibility of themes, actions and residual risks.
- Insightful Reporting: Develop forward-looking MI and produce clear, high-quality reports for the CRO, Director of Risk, and risk committees.
- Second Line Challenge: Provide an independent perspective on incidents and risk matters at the Operational Risk Committee, ensuring strong governance and accountability.
- Continuous Improvement: Identify opportunities to strengthen frameworks, processes and controls to stay ahead of emerging cyber and technology threats.
- Stakeholder Influence: Act as a trusted partner across the business, offering credible challenge and expert guidance to drive effective risk management behaviours.
About you:
- Cyber Security Expertise: Strong, transferable experience in cyber security with a solid understanding of threat vectors, security controls and modern IT architectures.
- Risk Framework Knowledge: Practical experience using recognised information security and risk management methodologies such as NIST, COBIT and ISO27001.
- Broader Risk Awareness: Understanding of wider risk management systems and methodologies beyond cyber and technology.
- Insightful Reporting: Ability to design and produce clear, meaningful MI and committee‑level risk reporting.
- Proven Industry Experience: 5+ years in cyber/technology risk, internal audit or change assurance within regulated financial services; 2nd line experience desirable.
- Strong Decision-Making: Able to use initiative, make sound judgements and respond confidently to complex issues.
- Collaborative Influencer: Skilled at building strong stakeholder relationships, offering credible challenge and communicating clearly at all levels.
- Qualified & Knowledgeable: Degree-level education preferred; CISSP or CISM qualifications advantageous but not essential.
Reward & Benefits:
- Competitive Package: Fair salary benchmarked against market data, annual discretionary bonus, and 29 days holiday plus bank holidays.
- Health & Wellbeing: Access to Medicash healthcare, mental health first aiders, and a suite of wellbeing resources to support you inside and outside of work.
- Work-Life Balance: 35-hour working week for full-time roles, with flexibility to help you perform at your best.
- Career Growth: Ongoing personal and professional development. We’ll support your ambitions and help you grow your potential.
- Inclusive Culture: Be part of a friendly, values-led team that genuinely cares about doing the right thing for colleagues and customers.
- Giving Back: Use two paid volunteering days each year to support causes close to your heart, through our Samuel Fox Foundation.
- Sustainability Focus: Join a business committed to reducing its carbon footprint and making a positive impact on the environment.
- Free access to Octopus Money: Financial coaching & tools that help you plan, manage, and make the most of your money.
Embracing Diversity Together:
We proudly embrace and celebrate diversity as a fundamental cornerstone of our values. We believe that a diverse and inclusive workplace is not just essential for our success but is also a reflection of the vibrant communities we serve. Our commitment to diversity extends beyond our internal culture to the way we approach advertising and engage with our customers.
Our commitment means actively working to eliminate barriers and biases that may hinder equal opportunities within our organisation. We strive to ensure that all individuals, regardless of background, have an equal chance to thrive and advance in their careers.
We acknowledge that diversity is not just a goal to be achieved but a continuous journey toward creating an environment that embraces differences and promotes equal opportunities for all. We are committed to creating an inclusive culture that encourages collaboration, creativity, and a sense of belonging for every member of our community.