What is technology risk management?

Technology risk refers to any risk of financial loss, disruption or damage to the reputation of an organisation as a result of the failure of its information technology systems. Cyber risk is a subset of technology risk, which is the potential for any type of technology failure to disrupt a business.

What do technology risk management professionals do?

Areas of focus for these professionals include project & programme risk, operational & technology resilience, technology risk & control, the impact of regulatory change on data and technology and third-party risk management.

Key responsibilities

Responsibilities will vary, but examples include:

  • Working across the technology department to analyse and better understand their risk profile
  • Identifying and assessing the impact of technology risk on projects and develop mitigation strategies
  • Defining a risk and control methodology and framework to use in conducting risk assessments
  • Proactively managing risks so that there are no major incidents, breaches or examples of non-compliance
  • Establishing and running risk committees and working groups
  • Delivering technology risk insight for the Board & Executive Committees, including data-driven risk reports
  • Regularly engaging with internal & external stakeholders on the group's IT and cyber risk posture
  • Driving effective implementation & communication of operational risk management policies & guidelines
  • Providing IT and cyber risk management consulting to the business, technical & operations groups

Why are they important?

The increasing reliance of businesses on technology means that technology risk management (TRM) is a strategically important and growing function across businesses worldwide. Cyberattacks are inevitable and their risks continue to grow. The implementation of a strong and consistent risk management programme will enable organisations to be better prepared to deal with them.

Skills required in this role

Individuals working within this area will need outstanding attention to detail combined with strong analytical skills. In more senior positions the role will require strong influencing and stakeholder management skills.

Strategic Professional Options examinatons linked to this role

Advanced Audit and Assurance

Career opportunities presented by this role

Given the prominence and importance of security in the technology environment, there are strong opportunities to progress with established pathways to the chief technology officer and chief risk officer positions.

Competencies

High level competencies required include:

  • Data, digital and technology

    A. Identifies strategic options to add value, using data and technology.

    B. Analyses and evaluates data using appropriate technologies and tools.

    C. Applies technologies to visualise data clearly and effectively.

    D. Applies scepticism and ethical judgement to the use of data and data technology.

  • Governance, risk and control

    A. Evaluates organisational structures and governance to protect the long-term interests of stakeholders.

    B. Recommends appropriate strategies to ensure adherence to governance structures and application of best practice internal controls.

    C. Identifies and manages risk appropriately.

    D. Uses risk management for the best interests of an organisation and its stakeholders.

    E. Monitors and applies relevant legislation, policies and procedures.

  • Stakeholder relationship management

    A. Positively develops relationships with internal and external stakeholders.

    B. Communicates and gains commitment from internal and external stakeholder.

    C. Uses emerging technologies to collaborate and communicate effectively with stakeholders.

    D. Applies professional and ethical judgement when engaging with stakeholders.

    E. Aligns organisational strategic objectives with stakeholder needs and manages expectations.