IT & Cyber Technical Risk Assurance Manager

The Apex Group was established in Bermuda in 2003 and is now one of the world’s largest fund administration and middle office solutions providers. Our business is unique in its ability to reach globally, service locally and provide cross-jurisdictional services. With our clients at the heart of everything we do, our hard-working team has successfully delivered on an unprecedented growth and transformation journey, and we are now represented by over circa 13,000 employees across 112 offices worldwide.

Your career with us should reflect your energy and passion. That’s why, at Apex Group, we will do more than simply ‘empower’ you. We will work to supercharge your unique skills and experience. Take the lead and we’ll give you the support you need to be at the top of your game. And we offer you the freedom to be a positive disrupter and turn big ideas into bold, industry-changing realities. For our business, for clients, and for you

Job Overview: Lead the internal technical risk assurance function for banking/finance/hedge fund businesses, ensuring risk exposure is identified, measured, monitored, and remediated across applications, infrastructure, and services. Align all activities to the Cyber Strategy and directives from the Group CISO, and provide decision-ready narratives to the Technology Risk Forum (TRF). Own end-to-end assurance across policy/standards, control design and operating effectiveness, KRI/KPI governance, RCSA execution, audit/regulator engagement, and executive reporting. Manage local regional expertise and stakeholder communication to enable consistent risk reduction and operational resilience across the region.

Key Responsibilities:

• Metrics & Risk Appetite Governance: Define, maintain, and continuously improve internal KRIs/KPIs mapped to risk appetite; run monthly Metrics Quality Assurance (MQA) checks (accuracy, timeliness, completeness, reconciliation).
• Risk & Control Self-Assessment (RCSA): Lead annual RCSA across applications/platforms; calibrate inherent/residual risk; document treatment plans and risk acceptances; ensure closure to target dates.
• Assurance Execution: Plan and deliver control testing (design and operating effectiveness) across identity, access, change, patching, vulnerability remediation, data protection, incident response, resilience/backup/restore, third-party touchpoints within internal scope.
• Regulatory & Framework Mapping: Maintain a single control library mapped to ISO/IEC 27001:2022, NIST CSF 2.0, ISO 31000, COBIT, GDPR, DORA (EU), EU AI Act, SOX 404 (where applicable), and PCI DSS v4.0 for payments; ensure evidence quality and audit readiness.
• Issue Management & Remediation: Drive RCA for failing metrics and control gaps; implement the Metric Rewrite Protocol where definitions are unfit; track remediation to closure with owners and SLAs.
• Technology Risk Forum Inputs: Provide quarterly TRF packs—regional posture, KRI/KPI trends, material events, themed risks, remediation progress, and clear asks (policy decisions, funding, prioritization).
• Stakeholder Management & Communication: Coordinate with application owners, platform/cloud teams, SOC, IT Ops, Data Protection, Finance, Legal/Compliance, Internal Audit; communicate complex themes in clear, persuasive executive narratives.
• Automation & Reporting: Partner with GRC and BI teams to implement automated dashboards and evidence repositories; maintain data lineage and owner accountability.
• Regional Enablement: Build and mentor local/regional assurance practitioners; harmonise methods, thresholds, and reporting across countries within region.
• Execute delegated tasks as deemed appropriate by the Group CISO and other empowered Group Cyber leadership authorities, ensuring timely and effective completion in alignment with organizational priorities.
• Support the Group Cyber Strategy end-to-end, driving alignment of all activities, decisions, and deliverables with strategic objectives and business outcomes.

Candidate Profile

• 7- 8 years in cyber risk assurance, internal audit, or GRC within financial services.
• Demonstrated experience leading RCSA/control testing and turning failing metrics green via structured remediation.
• Deep familiarity with ISO/IEC 27001:2022, NIST CSF 2.0, ISO 31000, COBIT 2019, GDPR, DORA (EU), EU AI Act, SOX 404 (as applicable), and PCI DSS v4.0/v4.0.1.
• Exceptional communication, presentation, articulation, and stakeholder influence skills; strong executive-level storytelling.

Disclaimer: Unsolicited CVs sent to Apex (Talent Acquisition Team or Hiring Managers) by recruitment agencies will not be accepted for this position. Apex operates a direct sourcing model and where agency assistance is required, the Talent Acquisition team will engage directly with our exclusive recruitment partners.

About Apex Group

We are dedicated to driving positive change in financial services while fuelling the growth and ambitions of asset managers, allocators, financial institutions, and family offices. Established in Bermuda in 2003, the Group has continually disrupted the asset serving industry through our investment in innovation and talent. Today, we set the pace in asset servicing and stand out for our unique single-source solution and unified cross asset-class platform which supports the entire value chain, harnesses leading innovative technology, and benefits from cross-jurisdictional expertise delivered by a long-standing management team and over 13,000 highly integrated professionals.

We’re a people-powered business, and our people are full of ambition. Together, we’re inspired to lead the new era of data and tech enabled service. Bringing new products and services to market. Sharpening our client focus. Disrupting the market to exceed expectations. Innovating across a range of specialisms. With our focus on making a difference to our people, our planet and our society, you’ll experience more here than you would at most other companies. Prepare to accelerate.

We’re a people-powered business with a vision to inspire a new era of service-led FinTech. We’re expanding globally and offering more to our clients. This means you get more opportunities to grow with us. So prepare to accelerate. We’ll make sure the time and effort you put in takes you further, faster.

Positive change starts with you. We’re a people-powered business with a vision to inspire a new era of service-led FinTech. We’re expanding globally and offering more to our clients. This means you get more opportunities to grow with us. So prepare to accelerate. We’ll make sure the time and effort you put in takes you further, faster.

The journey is yours to own. When you stretch yourself, you grow. We want you to explore ways of working that will see you thrive as part of something bigger. We’ll help you with a solid structure, challenging projects, vibrant networks, supportive colleagues and approachable leaders. All the things you need to own your unique journey.

Find out more about us