Requirements
- Significant experience in operational and/or technology risk within financial services, with meaningful exposure to fintech, digital assets, or crypto — gained in a second-line or specialist risk function
- Deep working knowledge of UK regulation, including MIFIDPRU and FCA expectations for operational resilience, with awareness of the evolving regulatory framework for crypto assets and digital markets
- Proven track record of designing and operating core risk processes — RCSAs, risk registers, control attestations, incident management — at scale and across global, diversified businesses
- Experience quantifying operational risk for capital adequacy purposes, including scenario analysis and stress testing
- Strong grasp of technology risk disciplines, including cyber risk, infrastructure risk, data risk, technology change management, and emerging risks associated with AI systems and crypto infrastructure
- Track record of engaging in new product and innovation risk processes, providing proportionate second-line input across products at different stages of maturity and scale
- Track record of presenting to and influencing senior committees and regulators, with the gravitas to challenge constructively at all levels
- Technically credible — able to engage meaningfully with Technology, Engineering, and Product teams, and translate complex exposures into clear risk language
- Commercially minded — understands business drivers and calibrates risk management to support, not obstruct, strategic objectives and innovation ambitions
- Outstanding communicator — able to convey complex risk topics with clarity and authority, both in writing and in person
- Rigorous and disciplined — brings structure and consistency to risk processes without sacrificing pragmatism
- Collaborative and influential — builds trusted relationships across functions and operates effectively in a matrixed, global organisation
- Follows IG’s five performance principles: Lead and Inspire, Think Big, Champion the Client, Deliver at Pace, and Raise the Bar
What the job involves
- This is a senior, technically substantive role at the heart of IG’s second line of defence
- As Director of Technology & Operational Risk, you will own the design and operation of IG’s core operational and technology risk processes — from incident response and control attestations to RCSA facilitation and risk register management — ensuring the framework is both rigorous and commercially informed
- You will be a subject matter expert who commands credibility with technologists, product teams, and regulators alike — equally comfortable navigating the risk landscape of a global retail trading platform and the emerging challenges of crypto, AI, and digital asset products
- This is a role for someone who operates at the intersection of technical depth and strategic influence, and who thrives in a fast-moving, innovation-led financial services environment
- Design and maintain IG’s operational risk framework in line with MIFIDPRU requirements and the ICARA process, including quantification of operational risk exposure for capital adequacy purposes
- Own the end-to-end operational risk event and issue (ORE) lifecycle — identification, recording, root cause analysis, remediation tracking, and lessons learned — ensuring consistent standards across all business lines
- Design, facilitate, and challenge Risk and Control Self-Assessments (RCSAs) across the organisation, with particular focus on technology, operations, and commercial functions
- Maintain the operational risk loss database, producing regular management information for Risk Committees and the Board
- Manage the control attestation process and operational risk registers, driving discipline and accountability across first-line owners
- Lead second-line oversight of technology risk, covering cyber, infrastructure, data, and change risk, ensuring the risk profile remains within Board-approved tolerances
- Oversee the incident response framework, providing independent challenge and assurance on first-line incident identification, escalation, and remediation
- Embed a robust technology risk assessment methodology, partnering with Technology and Operations teams to identify and mitigate emerging risks — including those arising from AI adoption, algorithmic systems, and crypto/digital asset infrastructure — before they crystallise
- Oversee Business Continuity Management (BCM) and Disaster Recovery (DR) risk assessments and own Crisis Management frameworks, ensuring IG meets its important business service obligations under the Group’s operational resilience frameworks
- Partner with business and product teams on the design and launch of new products — including crypto, digital assets, and AI-powered features — ensuring proportionate risk and control frameworks are established from inception rather than retrofitted
- Provide credible second-line challenge and guidance across IG’s diverse product range, from large-scale retail trading platforms to emerging and scaling fintech propositions, calibrating control expectations to the maturity, scale, and risk profile of each
- Engage proactively with first-line teams on operational risk considerations in product and technology change programmes, acting as a trusted risk partner without obstructing pace of innovation
- Maintain awareness of the evolving risk landscape for digital assets, crypto custody, DeFi-adjacent products, and AI-driven decisioning, providing horizon-scanning input to senior leadership and product governance forums
- Support the annual ICARA process by providing robust operational risk capital calculations, including scenario-based stress testing and quantitative modelling of tail loss events
- Engage proactively with prudential and conduct regulatory developments, drafting IG’s responses to FCA consultations and thematic reviews relevant to technology and operational risk
- Act as a subject matter expert during regulatory examinations, internal audits, and external reviews, representing the second-line function with confidence and authority
- Prepare and present risk reports, emerging risk assessments, and thematic reviews for the Risk Committee, Audit Committee, and Board Risk Committee
- Maintain IG’s operational risk policy suite, including the Operational Risk Policy, Outsourcing & Third Party Risk Policy, and Business Continuity Policy
- Provide second-line oversight and challenge to third-party and outsourcing risk, ensuring material arrangements meet regulatory and internal standards
- Build and sustain strong working relationships with Technology, Operations, Compliance, Finance, and Front Office, acting as a trusted and commercially grounded risk partner
Key Deliverables & Outcomes
- A mature, well-governed operational and technology risk framework that withstands regulatory scrutiny, meets Board expectations, and protects against material loss
- Timely, high-quality MI and risk reporting that enables informed decision-making at committee and Board level
- A rigorous RCSA process embedded across business lines, with clear ownership and meaningful outputs
- An incident management framework that drives swift escalation, root cause resolution, and sustainable remediation
- Robust ICARA-aligned operational risk capital quantification, including credible stress-testing scenarios
- A policy suite that is current, proportionate, and actively applied across the organisation
- Effective second-line challenge to first-line technology and outsourcing risk management
- Proportionate, well-designed risk and control frameworks for new and scaling products, including crypto and AI-enabled propositions
