Find your next tech and IT Job or contract Risk management

What you’ll do: Cybersecurity Risk Assessment : conduct and manage comprehensive risk assessments of suppliers, vendors, and partners to identify and mitigate cybersecurity threats in the supply chain Service Team Collaboration : support and assist Service Teams with the security aspects of their procurement needs, ensuring that appropriate information and cyber security requirements are included in tender documents, specifications and contracts Liaise with Commercial and Legal functions to ensure the requirements are included in tender and contract documentation Vendor Due Diligence : collaborate with procurement and legal teams to assess vendor security practices during onboarding and throughout the vendor lifecycle ensure third-party vendors comply with the organisation’s cybersecurity policies and standards Supply Chain Risk Management (SCRM) : develop and maintain a robust cybersecurity supply chain risk management (SCRM) program, including standardised supply chain risk logging, continuous monitoring, auditing, and evaluating third-party risk exposure individually, by category and in aggregate Compliance and Standards : ensure supply chain activities comply with relevant cybersecurity frameworks and regulations (e.g., NCSC Cyber Assessment Framework, GovS007, ISO 27001, GDPR/DPA18) Implement best practices from industry standards to secure supply chain operations Third-Party Contract Management : work with the legal and commercial teams to ensure cybersecurity clauses are included in supplier contracts Define key performance indicators (KPIs) and service level agreements (SLAs) around vendor cybersecurity responsibilities Periodically audit contracts for security terms, in order to understand any gaps in live contracts Incident Response : support the development of processes and protocols for managing third-party cybersecurity incidents, including coordinating with vendors during a breach, ensuring timely communication, and mitigating the impact on the organisation Vendor Cybersecurity Audits : lead or co-ordinate periodic cybersecurity audits of vendors and third parties to ensure they maintain high security standards Identify gaps and work with vendors to implement remediation plans Training and Awareness : provide training and support to internal stakeholders on supply chain cybersecurity risks and vendor management best practices Increase awareness of supply chain threats and trends within the organisation Collaboration and Communication : work closely with IT, risk, and procurement teams to communicate findings and recommended mitigations Ensure transparency and alignment between teams on cybersecurity risks and strategies ‘Intelligent customer’ supply chain management : contribute to the working relationship and management of inter-government supply chain, for example, internal services provided by another government department Supply Chain Resilience : develop strategies to ensure supply chain resilience in the face of cybersecurity threats, including supply chain mapping and diversification to mitigate risk Monitoring and Reporting : continuously monitor the security posture of the supply chain and provide regular reports to leadership on third-party risk exposure, incidents, and mitigation efforts

Manager - Risk Reporting with Data Analytics Wholesale Credit and Market Risk (WMR) department within HBEU measures and monitors global credit and market risks arising from lending and trading activities as well as providing credit approval for corporates, financial institution and sovereign exposures. The team is engaged in a lot of European regulatory reporting (for ex. AnaCredit) and senior management reporting and analysis deliverables that are spread across EU countries on a need basis. The aim is to bring all these tasks together as one team and deliver them in a centralized and standardized manner. Key Accountabilities: " Understand the requirements of the regulators/senior management " Create solutions basis the knowledge of Risk systems to optimize the timeliness and accuracy of results " Explain the month on month, quarter on quarter movements in the risk metrics in a business language " Manage stake holders in Regional and Group Risk functions, coupled with finance/business as required " Builds and maintains effective working relationships with IT & System owners " Acquire data from primary or secondary data sources to meet the reporting/analysis requirements " Identify valuable data sources and automate collection processes " Identify, analyze, and interpret trends or patterns in complex data sets " Analyse the data sources and provide solutions in terms of results, bring out the business interpretation of the results and explore better possibilities of coming with an alternate approach as per the requirement " Collate, test and check independently sourced data and assess its robustness and fitness for purpose. " Automate the high volume processes supporting Group, Region and Site " Support ad-hoc requests in support of the business as necessary " Prepare effective material for dissemination to key business stakeholders at all levels of seniority. " Drive standardization of data ingestion processes to gain efficiency " Ensure the timeliness, accuracy and reasonableness of results produced by the process " Work with management to prioritize business and information needs " Locate and define new process improvement opportunities " Support junior team members in terms of delivering assigned tasks " Review junior team members work before releasing to the customers Requirements: " University degree and/or post graduate qualification with a relevant finance/quantitative/risk content " 8+ years of experience in related/relevant areas " Previous exposure to large projects involving technical IT considerations " Strong technical knowledge with any of these (SAS, SQL, Python, Tableau, BI Tools, Qlik Sense etc.) " Knowledge of banking wholesale credit risk " Proven ability to manage high volume data with embedded data quality procedures " Understanding of banking book financial products, macro-economics, econometrics and financial markets " Excellent communication skills with technical (the team) and non-technical (senior entity management around the globe) counterparts; being able to "translate" between the two worlds Self-starter, who can think proactively and demonstrate the ability to learn abstract concepts and to operate effectively against uncertainty and on unfamiliar ground The salary for this role will be in the range PLN 15K to PLN 20 20K per month. The position is based in Krakow P Please send your CV to us in Word format along with your salary in PLN or Euros.

Head of IT Infrastructure and Security In summary we are looking to recruit an all-round individual with expert knowledge and hands-on experience of IT Infrastructure coupled with Security, Compliance & Risk Management You must have upwards of 10 years hands-on expertise in IT Infrastructure combined with Security and Risk – ideally from within the banking or insurance sector. The Head of IT Infrastructure and Security Lead is responsible for overseeing the organisation’s IT operations, ensuring the stability, continuity, security, and efficiency of its technology platforms within a global commercial insurance environment. Some of the key points to consider for this role are: Define and enforce cloud security policies, identity management, and access controls to protect systems, networks, and data. Oversee the adoption of zero-trust security principles to enhance protection across cloud platforms. Manage identity and access management (IAM) in a cloud-first environment, including Azure AD, MFA, Conditional Access, SSO, and Privileged Access Management (PAM). Lead threat monitoring, detection, and response using cloud-native security solutions such as Microsoft Defender, Sentinel, and SIEM platforms. Ensure compliance with cloud security frameworks and regulatory requirements (ISO 27001, NIST, GDPR, SOC2, FCA). Technology: Microsoft Azure Infrastructure design and administration, including topology, Azure networking, services, and component knowledge, Microsoft AD (Entra), Server and SQL experience, O365 administration and design Microsoft 365 & Azure: Strong experience managing Microsoft 365 (Exchange, SharePoint, Teams), Azure cloud infrastructure, and security tools such as Microsoft Defender and Sentinel. Security & Compliance: Deep knowledge of security frameworks (ISO 27001, NIST, CIS), compliance requirements (GDPR, SOC2), and risk management best practices. Summary: Problem-Solving & Decision-Making: Capable of making informed decisions and resolving complex IT issues in a fast-paced environment. Stakeholder Engagement: Ability to communicate effectively with technical and non-technical stakeholders, including senior leadership and business users. The role will involve managing a Cloud environment in a team of 4 Technical people. Managing 6 different suppliers which include Security, IT Networks, Hosting and Servers and 3 party software. The aim of the role is to bring the MSP’s (suppliers of hardware and software) to the same page for the stakeholders and the Board and ensure technology is running smoothly. The Client is a financial organisation based in the City of London. This is a hybrid position with 3 days in the office. Must have a Bachelor’s degree in IT or similar. The salary for this role will be in the range £85K - £95K plus Excellent Benefits. Do send your CV to us in Word format along with your salary and notice period.

Key Responsibilities Fulfil the Principal Designer role in line with CDM Regulations. Plan, manage, and coordinate health and safety during pre‑construction. Identify and manage design‑related risks through effective risk management. Chair HAZID reviews and ensure mitigation actions are implemented. Coordinate with the Principal Contractor to maintain CDM compliance during construction. Ensure designers meet their CDM duties and collaborate with the project team. Advise on client CDM responsibilities. Engage with contractors and stakeholders to promote safe design and delivery. Maintain compliance records and documentation. Develop internal CDM procedures, tools, and templates. Provide safety‑in‑design guidance and training. Operate as a billable resource and support continuous improvement in safety and compliance. RequirementsQualifications & Experience Relevant degree or equivalent experience. Health & Safety qualification (e.g. NEBOSH or equivalent). Strong knowledge of CDM Regulations 2015. Experience acting as Principal Designer or in a similar CDM role. Background in design risk management and construction safety. Experience working within multi‑disciplinary teams. Skills & Competencies Strong knowledge of UK health and safety legislation. Effective communication and stakeholder management skills. Ability to manage multiple projects concurrently. Commercial awareness and experience delivering billable services. Proactive, detail‑focused, and solution‑oriented approach. Ability to promote a positive safety culture. Desirable Chartered membership of a relevant professional body. Experience delivering health and safety training or mentoring. Experience in a client‑facing consultancy environment. Please click to find out more about our Key Information Documents. Please note that the documents provided contain generic information. If we are successful in finding you an assignment, you will receive a Key Information Document which will be specific to the vendor set-up you have chosen and your placement. To find out more about Progressive please visit Progressive Recruitment, a trading division of SThree Partnership LLP is acting as an Employment Business in relation to this vacancy | Registered office | 8 Bishopsgate, London, EC2N 4BQ, United Kingdom | Partnership Number | OC387148 England and Wales

IT Operations Platforms and Security Lead In summary the Client is looking to recruit an all-round individual with expert knowledge and hands-on experience of IT Infrastructure coupled with Security, Compliance & Risk Management You must have upwards of 10 years hands-on expertise in IT Infrastructure combined with Security and Risk – ideally from within the banking or insurance sector. The IT Operational Platform and Security Lead is responsible for overseeing the organisation’s IT operations, ensuring the stability, continuity, security, and efficiency of its technology platforms within a global commercial insurance environment. While Microsoft technologies (Microsoft 365, Azure, Exchange Online) form a core part of the infrastructure, the role also encompasses broader enterprise IT systems, multi layered networking, security, data management, and third-party platforms that support global business operations and the associated applications estate. The role requires a proactive leader who can drive IT operational excellence, manage security risks, focus on continual service improvement, drive transformational delivery projects, and work effectively with internal stakeholders and third-party vendors to deliver a high-quality Global IT services. Working in line with the Architecture defined IT principle of a "buy before build" environment, the individual will need to ensure that outsourced and cloud-based services are robust, cost-effective, and aligned with business needs and the Strategic IT vision. They will also play a key role in enhancing cybersecurity, protecting data and systems, driving transformative operational change, enhancing IT processes and ensuring compliance with governance bodies and industry regulations. Due to the nature of the role, complexity of the estate, current transformation activities and team size, the role requires the functional capability and proficiency to technically augment the team capabilities (when required) and have a detailed knowledge of technical IT support roles/services as a requirement, across multiple technical areas. Security, Compliance & Risk Management Define and enforce cloud security policies, identity management, and access controls to protect systems, networks, and data. Oversee the adoption of zero-trust security principles to enhance protection across cloud platforms. Manage identity and access management (IAM) in a cloud-first environment, including Azure AD, MFA, Conditional Access, SSO, and Privileged Access Management (PAM). Lead threat monitoring, detection, and response using cloud-native security solutions such as Microsoft Defender, Sentinel, and SIEM platforms. Ensure compliance with cloud security frameworks and regulatory requirements (ISO 27001, NIST, GDPR, SOC2, FCA). Conduct regular security risk assessments, penetration tests, and vulnerability management across cloud services. Oversee endpoint security, cloud network and API security for robust protection across all assets Define, manage and maintain accurate DR and BCP plans for the infrastructure area with biannual tests. Technical Experience Microsoft Azure Infrastructure design and administration, including topology, Azure networking, services, and component knowledge, Microsoft AD (Entra), Server and SQL experience, O365 administration and design Global Software Patching and estate management via Intune Firewall (Azure, CheckPoint and Cloudflare), DNS, VPN, WIFI and Local Area Network design & administration experience Software Defined Networking (Cisco, Meraki, Versa) Key Skills Microsoft 365 & Azure: Strong experience managing Microsoft 365 (Exchange, SharePoint, Teams), Azure cloud infrastructure, and security tools such as Microsoft Defender and Sentinel. Security & Compliance: Deep knowledge of security frameworks (ISO 27001, NIST, CIS), compliance requirements (GDPR, SOC2), and risk management best practices. Identity & Access Management (IAM): Expertise in Azure AD, MFA, Conditional Access, Single Sign-On (SSO), and Privileged Access Management (PAM). Threat Management & Incident Response: Ability to detect, respond to, and mitigate cyber threats using SIEM, endpoint security, and vulnerability management tools. Networking & Infrastructure Security: Understanding of firewalls, VPNs, SD-WAN, DNS security, endpoint protection, and cloud security controls. IT Service Management & Automation: Experience implementing ITIL-based service management, automating operational tasks, and optimising service delivery. Operational & Leadership Skills: IT Operations & Service Continuity: Ability to ensure IT systems are highly available, resilient, and fit for purpose, with a strong focus on business continuity and disaster recovery. Supplier & Vendor Management: Experience managing third-party IT vendors, MSPs, and SaaS providers, ensuring service levels, performance, and cost-effectiveness. Project Leadership & Change Management: Ability to lead technology projects, system upgrades, and platform migrations, ensuring smooth execution and minimal business disruption. Process Improvement & Automation: Strong analytical mindset to identify inefficiencies, automate workflows, and enhance security controls. Skills & Mindset: Problem-Solving & Decision-Making: Capable of making informed decisions and resolving complex IT issues in a fast-paced environment. Stakeholder Engagement: Ability to communicate effectively with technical and non-technical stakeholders, including senior leadership and business users. Resilience & Adaptability: Comfortable working in an evolving technology landscape, with a proactive and security-first approach. The Client is a financial organisation based in the City of London. This is a hybrid position with 3 days in the office. Must have a Bachelor’s degree in IT or similar. The salary for this role will be in the range £85K - £95K plus Benefits. Do send your CV to us in Word format along with your salary and notice period.

Location: Brussels ; 50% remote Duration: 3 years Introduction & Summary: The Senior Java Developer role aims to enhance the capabilities of the Risk Management team by developing high-quality software solutions, mentoring junior developers, and ensuring technical excellence within the organization. The ideal candidate will possess extensive experience in Java development, particularly with Java 11/17, and be adept at implementing innovative business solutions in the B2B sector. Main Responsibilities: Collaborate with stakeholders to refine requirements and align solutions with business goals. Design and implement scalable Java applications following best practices. Lead development of critical components and ensure timely delivery. Mentor junior developers and promote a culture of continuous learning. Maintain high code quality through reviews and testing. Troubleshoot and resolve issues, ensuring system reliability. Document technical solutions and communicate effectively with teams. Stay current with Java technologies and introduce innovative solutions. Key Requirements: Bachelor’s or Master’s degree in Computer Science, Software Engineering, or related field. Minimum 7 years of professional experience in Java development. Strong expertise in Java 11/17. Spring Framework (v5+), Spring MVC. REST API design and microservices architecture. Front-end frameworks (Vue.js preferred) and responsive HTML/CSS. Hands-on experience with cloud deployments (Microsoft Azure/Azure DevOps) and CI/CD pipelines. Familiarity with Agile methodologies and DevOps practices. Fluent in French or Dutch, with excellent English skills.