Technology Risk Analyst

Company: Skipton Building Society
Apply for the Technology Risk Analyst
Location: South Yorkshire
Job Description:

Hours: Permanent 35 hours per weekHybrid working

Closing Date: Sat, 4 Jul 2026

Join us as a Technology Risk Lead and play a key role in securing our digital landscape. We are seeking a highly motivated and experienced Technology Risk Lead to join our team. This position is well‑suited for professionals with a proven track record in leading the identification and mitigation of technology‑related risks, as well as substantial experience in controls assurance. The ideal candidate will thrive in a dynamic, fast‑paced environment and demonstrate exceptional analytical and problem‑solving abilities. If you are committed to upholding digital integrity and driving effective risk management, we welcome your application.

Who Are We?

We’re the fourth biggest building society in the UK, and we’re a mutual organisation. We don’t have shareholders; we’re owned by our members. Our colleagues say Skipton’s a great place to work, and you could be one of them, bringing new ideas on how we can keep customers at the heart of what we do. Whatever your background and goals, we’ll help you take the next step towards a better future.

Technology Risk Team Overview

Our primary focus is to manage and mitigate technology‑related risks within the Society. We work closely with teams under the Technology Transformation and Resilience (TTR) function—including IT, Security, Operational Resilience, Change Delivery, Data Capability, and Engineering—as well as other teams across the Society such as Operational Risk, Internal Audit, and Compliance, among others. Our core role is to ensure the stability and security of our technology infrastructure. We also engage in initiatives such as enhancing cybersecurity measures, improving operational resilience, driving technological innovation, and supporting TTR during audits by improving the effectiveness of our controls.

What’s In It For You?

Skipton values work/life balance and supports hybrid and flexible working, where possible. We have a newly refurbished head office that offers a vibrant and collaborative working space.

  • Annual discretionary bonus scheme
  • 25 days standard annual leave + bank holidays + rising 1 day per year of service to a maximum of 30 days
  • Holiday trading scheme allowing the ability to buy and sell additional annual leave days
  • Matching employer pension contribution (up to 10% per annum)
  • Colleague mortgage (conditions apply)
  • Salary sacrifice scheme for hybrid & electric car
  • A commitment to training and development
  • Private medical insurance for all our colleagues
  • 3 paid volunteering days per annum
  • Diverse and inclusive colleague networks available for you to join including our Carers and Pride Alliance groups
  • Cycle to work initiative and discounted gym membership

What Will You Be Doing?

You will lead the implementation of risk management processes in alignment with the Group Risk Management Framework (GRMF). This includes managing Risk and Control Self‑Assessments (RCSAs), conducting control assurance reviews, and analysing risks, issues, and policy non‑compliances to ensure accurate risk profiling. You will also maintain a central repository of technology risks and controls, delivering reports to support informed decision‑making.

In this role, you will collaborate with stakeholders to ensure effective operation of technology controls, identify areas for improvement, and ensure compliance with internal policies, industry standards, and regulatory requirements. You will conduct periodic reviews to assess control maturity and support continuous improvement. Additionally, you will support business continuity, disaster recovery, and audit activities, guiding stakeholders in providing appropriate evidence. You will lead relevant forums and produce regular reports and dashboards for Senior Management.

What Do We Need From You?

Strong report writing, communication, and stakeholder engagement skills are essential. You should have a foundational understanding of technology risk management and controls, with familiarity in IT frameworks such as ISO 27001, PCI DSS, or NIST. Experience in conducting risk assessments, audits, compliance activities, and producing MI reports is beneficial.

#J-18808-Ljbffr…

Posted: July 1st, 2026