IT & Cyber_Technical_Risk_Metrics_Specialist_Compliance_Manager

European Depositary Bank S.A. • Pune, IN

The Apex Group was established in Bermuda in 2003 and is now one of the world’s largest fund administration and middle office solutions providers. Our business is unique in its ability to reach globally, service locally and provide cross-jurisdictional services. With our clients at the heart of everything we do, our hard-working team has successfully delivered on an unprecedented growth and transformation journey, and we are now represented by over 13,000 employees across 112 offices worldwide.

Your career with us should reflect your energy and passion. That’s why, at Apex Group, we will do more than simply ‘empower’ you. We will work to supercharge your unique skills and experience. Take the lead and we’ll give you the support you need to be at the top of your game. And we offer you the freedom to be a positive disrupter and turn big ideas into bold, industry-changing realities. For our business, for clients, and for you.

Role Overview:
This role governs, monitors, and continuously improves IT & Cyber risk metrics so they are fit for purpose, aligned with Cyber Strategy, and meet expectations set by the Group CISO. Operating within Banking, Finance, and Hedge Fund environments, the role ensures metrics reflect financial risk exposure, operational resilience, and compliance with global regulatory frameworks. The role leads the annual Risk & Control Self-Assessment (RCSA) and provides strategic inputs to the Technology Risk Forum.

Key Responsibilities:

  • Metrics Governance & Cyber Strategy Alignment: Define, review, and maintain IT & Cyber KRIs/KPIs in line with Cyber Strategy and Group CISO directives; map to risk appetite thresholds and business services.
  • Continuous Improvement & Remediation: Monitor failing metrics; lead root cause analysis and remediation plans. Implement a Metric Rewrite Protocol for metrics that consistently fail or are misaligned.
  • RCSA Execution: Lead annual RCSA across technology domains; ensure residual risk remains within appetite and align methodology with Group CISO expectations.
  • Strategic Reporting & Governance: Provide decision-ready inputs to the Technology Risk Forum: posture, trends, material events, remediation, and asks.
  • Compliance & Regulatory Alignment (Global): Maintain cross-framework control mapping and evidence across ISO/IEC 27001:2022, NIST CSF 2.0, COBIT, ISO 31000; and regulations/obligations including SOX 404, GDPR, DORA (EU), PCI DSS v4.0, and applicable regional rules (e.g., FFIEC/US, UK PRA/FCA, MAS TRM, HKMA, APRA CPS 234).
  • Stakeholder Engagement: Liaise with Application, Infrastructure, Service Owners, SOC, IT Ops, Risk, Compliance, and external auditors/regulators. Influence remediation and strategic risk initiatives.
  • Automation & Reporting: Partner with BI/GRC teams to deliver automated dashboards and a single source of truth for metric definitions, thresholds, owners, and evidence.
  • Execute delegated tasks as deemed appropriate by the Group CISO and other empowered Group Cyber leadership authorities, ensuring timely and effective completion in alignment with organizational priorities.
  • Support the Group Cyber Strategy end-to-end, driving alignment of all activities, decisions, and deliverables with strategic objectives and business outcomes.

Candidate Profile:
Experience:

  • 10–15+ years in IT/Cyber Risk, GRC, or Technical Assurance within financial services.
  • Hands-on designing/operating KRIs/KPIs and turning failing metrics green.
  • Led RCSA and audit/regulator engagements across multiple regions.

Skills:

  • Technical: vulnerability and patch governance, IAM/PAM, cloud security, incident response, DR/BC, change risk.
  • Risk & Compliance: appetite, control frameworks (ISO 27001, NIST CSF, COBIT, ISO 31000), SOX 404, DORA, GDPR, PCI DSS.
  • Tooling: GRC platforms (ServiceNow/Archer), dashboards (Power BI/Tableau), CMDB, ticketing (ServiceNow/Jira).
  • Soft Skills: communication, articulation, presentation, stakeholder influence, executive narratives.

Preferred Certifications:

  • CISM / CRISC
  • ISO 27001 Lead Auditor
  • ITIL
  • Cloud security certs (AWS/Azure/GCP)

Disclaimer:
Unsolicited CVs sent to Apex (Talent Acquisition Team or Hiring Managers) by recruitment agencies will not be accepted for this position. Apex operates a direct sourcing model and where agency assistance is required, the Talent Acquisition team will engage directly with our exclusive recruitment partners.

About Apex Group
We are dedicated to driving positive change in financial services while fuelling the growth and ambitions of asset managers, allocators, financial institutions, and family offices. Established in Bermuda in 2003, the Group has continually disrupted the asset serving industry through our investment in innovation and talent. Today, we set the pace in asset servicing and stand out for our unique single-source solution and unified cross asset-class platform which supports the entire value chain, harnesses leading innovative technology, and benefits from cross-jurisdictional expertise delivered by a long-standing management team and over 13,000 highly integrated professionals.

We’re a people-powered business, and our people are full of ambition. Together, we’re inspired to lead the new era of data and tech enabled service. Bringing new products and services to market. Sharpening our client focus. Disrupting the market to exceed expectations. Innovating across a range of specialisms. With our focus on making a difference to our people, our planet and our society, you’ll experience more here than you would at most other companies. Prepare to accelerate.

Positive change starts with you. We’re a people-powered business with a vision to inspire a new era of service-led FinTech. We’re expanding globally and offering more to our clients. This means you get more opportunities to grow with us. So prepare to accelerate. We’ll make sure the time and effort you put in takes you further, faster.

The journey is yours to own. When you stretch yourself, you grow. We want you to explore ways of working that will see you thrive as part of something bigger. We’ll help you with a solid structure, challenging projects, vibrant networks, supportive colleagues and approachable leaders. All the things you need to own your unique journey.
