Risk Manager

We are looking for a talented individual to join our Enterprise Risk Management team as a Risk Manager, in London or Bermuda. This is a broad, integrative second line risk role ideal for someone who can combine strong risk judgement with a practical, collaborative approach. This is an opportunity to play a meaningful role in strengthening an enterprise-wide risk framework, while contributing across a broad set of interconnected risk disciplines. You will contribute to core elements of our enterprise-wide risk framework and to board-level risk governance activities. You will also serve as the primary lead for the design, oversight, and ongoing execution of business continuity, third-party risk, and data protection and privacy programs, while embedding an operational resilience framework across relevant areas. The role is well suited to someone who enjoys connecting related disciplines, identifying gaps and overlaps, and helping embed robust but pragmatic frameworks across a multifaceted business.

Why Orbis?

Culture. We are committed to our Core Values. We encourage intellectual curiosity and individualism as well as collaboration across different areas of the business. We seek to hear our people’s voices – whether quiet or loud. Sharing ideas and challenging the status quo are commonplace.

Autonomy. While guidance and support are provided, team members own their work and projects.

Growth opportunities. We support our people in continuous learning and development.

Agile environment. We are committed to providing a work environment that balances the needs of our clients; the needs of our teams; and the personal needs, commitments, and interests of our people.

Philanthropy. Our people can contribute to society in a unique and personal way, through various philanthropy opportunities and programmes.

What will your responsibilities be?

Contribute to core enterprise risk management activities, including risk assessments, incident analysis, metric monitoring, risk capital frameworks, board-level governance reporting and interaction.

Lead second line design, oversight, and ongoing execution of:

Business continuity and incident response frameworks, including the full lifecycle of how we prepare for, respond to and recover from significance incidents and disruptions.

Third-party risk management, including maintaining and enhancing our framework for oversight of third-party risk assessment, due diligence, onboarding, and ongoing monitoring.

Data protection and privacy risk activities, including review of Privacy Impact Assessments, maintenance of Records of Processing Activities (ROPAs), and reviews of business and change processes to ensure appropriate data protection consideration.

Developing and embedding an operational resilience framework across interrelated disciplines, including identifying critical services and associated business process and dependency mapping, disruption tolerance setting, and scenario testing.

Work closely with colleagues across Legal, Compliance, Technology, Information Security, and Risk to ensure alignment across interconnected risk areas.

About you

A Bachelor’s degree (or higher) with a track record of academic achievement.

Demonstrable experience in a second line risk, assurance, or oversight role, or in a related first line control function.

Preferred experience in one or more of operational resilience, business continuity, incident response, third-party risk, or privacy/data protection.

Familiarity with relevant risk frameworks or regulations preferred, such as ISO 22301, ISO 27001, NIST, GDPR, DORA, or APRA CPS230.

Experience in a regulated financial services environment is beneficial.

Comfortable working across multiple priorities and can combine strategic framework thinking with practical delivery.

Communicate clearly and can engage constructively with stakeholders across business, technology, and assurance functions.

Apply sound judgement, strong analytical skills, and a pragmatic approach to challenge and oversight.

Curious and adaptable, with the ability to build knowledge quickly across new risk areas.

Pragmatic and collaborative, with the confidence to challenge constructively.

Delivery-focused and action-oriented, and comfortable taking ownership.

Resourceful, solution-oriented, and able to see initiatives through to implementation.

Calm and resilient when working through complex or challenging issues.

Instructions for application

To complete your application, please submit your resume and cover letter.

JR490