AI Security and Technology Risk Manager

This job is brought to you by Jobs/Redefined, the UK's leading over-50s age inclusive jobs board.

Since our launch in 2015, we have lent c.$21bn to businesses across the UK and US, directly supporting the creation of tens of thousands of new jobs and homes, as well as adding billions of dollars of GDP to these economies - and we're not about to stop there. We're dedicated to helping trailblazing businesses thrive and our strong Technology Risk and Cyber Security focused capabilities help us build trust and secure our digital assets and customer data.

This is a fantastic opportunity to join a fast-paced, growing bank with a reputation for doing things differently. We don't want another cog in the machine; we're looking for self-starters and bold thinkers who want to pave their own career. OakNorth's Risk team provides guidance and oversight for technology and cyber related risks across the OakNorth Bank plc Group.

As AI adoption accelerates across banking and financial services, OakNorth is building dedicated capability to identify, assess, and mitigate the risks that AI deployments introduce - from large language models and generative AI tools to machine learning systems embedded in key business processes. At the same time, maintaining robust oversight of the broader technology and cyber risk landscape remains critical as the organisation scales.

In a nutshell, this exciting and high-performing role will provide second-line risk oversight of AI deployments while contributing to the wider technology and cyber risk agenda. The successful candidate will bring deep technical understanding, working closely with OakNorth's AI Centre of Excellence as an embedded risk partner, and ensuring OakNorth can adopt AI confidently while maintaining robust controls aligned to regulatory expectations and industry best practice.

Are you ready to step up to the challenge?

Key Elements of the Role:

• Security Assessment and Risk Oversight
• Review AI and LLM deployments across OakNorth, assessing them against vulnerabilities mapped to the OWASP Top 10 for LLM Applications (prompt injection, sensitive information disclosure, supply chain risks, etc.). Develop and maintain AI security risk assessment methodologies and take part in architecture reviews. Provide second-line oversight, review, and assess AI-related risks across the organisation. Contribute to the development and enhancement of OakNorth's AI risk framework, ensuring alignment with the broader technology risk framework and evolving regulatory expectations.
• Vendor & Third-Party Risk
• Conduct security and risk assessments of third-party AI tools, platforms, and SaaS providers being adopted across the organisation. Evaluate vendor AI governance maturity, data handling practices, model transparency, and contractual safeguards. Engage early during procurement, proof-of-concept, and solution design phases to assess AI-specific risks before tools are onboarded.
• Regulatory Compliance and Frameworks
• Map AI deployments and controls against applicable regulatory expectations including PRA/FCA supervisory expectations, NYCRR 500, the EU AI Act, and relevant SEC guidance. Support OakNorth's alignment to AI governance standards and frameworks including ISO/IEC 42001, NIST AI Risk Management Framework (AI RMF), amongst others. Monitor the evolving AI regulatory landscape across operating geographies.
• Perform risk-based deep-dives
• Perform risk based deep dives to identify and understand technology and cyber security related risk drivers and work in partnership with the First Line(s) to identify key programmes/tasks to address these. This is expected across core technology risk domains of resilience and continuity, cloud and third-party, data governance and protection, generative AI and broader AI adoption, and technology delivery and change.
• Automation and Continuous Assurance
• Help build continuous assurance capabilities for AI and Technology risk, automating control testing where possible and feeding results into established enterprise risk frameworks. Develop and track Key Risk Indicators (KRIs) and risk telemetry to surface emerging trends and control deficiencies. Contribute to reporting that provides clear articulation of inherent and residual risks and control effectiveness.
• Stakeholder Engagement
• Collaborate regularly with Cyber Security, Engineering, Data Platform, AI Centre of Excellence, Product, Legal, and Internal Audit teams. Act as a subject matter resource on Technology, AI security and risk topics, providing practical guidance to first-line teams adopting AI.

Required Experience:

• 4-6 years of experience in technology risk, cyber security, or AI/ML security roles, within regulated financial services, fintech, or technology risk consulting environments.
• Demonstrable understanding of AI and machine learning concepts, including how large language models and generative AI solutions work at a technical level sufficient to assess their risks.
• A deep understanding of IT security and technology risk principles, with specific focus on operating in a cloud-native and SaaS-heavy environment.
• Understanding of AI-specific attack vectors - including prompt injection, data poisoning, model extraction, and sensitive data disclosure, and how they translate into control requirements for AI systems.
• Demonstrated experience with cyber risk frameworks and a solid understanding of best practices within a well-managed cyber environment.
• Working knowledge of at least one major AI risk or security framework such as OWASP Top 10 for LLM Applications, NIST AI RMF, or ISO/IEC 42001.
• Effective communication skills with the ability to articulate complex AI and technology risk topics to both technical and non-technical stakeholders.

We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.