Enterprise Risk and Assurance Manager

**Introduction**

The Pepperstone story started in 2010. We know what it’s like to trade the world’s markets. Our team describes us as a place for the curious and the driven, and we like to do things a little differently; as a transformative global fintech we’re digital, nimble, connected, and united in our vision to create a better way to trade.

We thrive on progress - for our clients and for ourselves. Our organisational culture is ever-evolving, vibrant, diverse, global and results focused.

You’ll find our 550+ team currently across 11 locations and 9 time zones.

**The Role**

The Risk Manager plays a pivotal role in supporting the strategic delivery of Pepperstone’s enterprise-wide risk and assurance agenda. Reporting to the Global Head of Risk and Assurance, this role leads key initiatives across enterprise risk, audit planning, business continuity, and ICT risk management. As a trusted advisor uplifting risk maturity, the Risk Manager delivers the actions outlined in the Risk strategy and champions the implementation the GRC tool. The role also leads cross-functional engagement on criticalincidents and issues. With exposure across global operations, this position is suited to a highly motivated professional who thrives in a fast-paced, agile environment and is passionate about enhancing risk maturity and resilience at scale

**As our Risk Manager, your key responsibilities include, but may not be limited to**:
**Enterprise Risk Management**
- Lead initiatives to embed enterprise risk frameworks aligned with Pepperstone’s risk appetite and delegation framework
- Drive improvements in risk reporting, analytics, and visualisation to support decision-making
- Support the operationalisation of risk appetite statements and guide risk owners in embedding controls into business processes
- Champion the integration of the GRC platform and contribute to system optimisation efforts

**Assurance and Control Testing**
- Lead the delivery of assurance activities including RCSA (risk control self-assessments), walkthroughs across Lines 1 and 2, and control testing
- Use data insights to identify control gaps and improvement opportunities, collaborating with control owners to implement enhancements
- Guide stakeholders on effective control design and foster a culture of continuous improvement

**Audit Planning and Remediation**
- Assist in scoping the annual audit plans in line with enterprise risks and business priorities across licenses and entities
- Support coordination of internal and external audit engagements, ensuring timely information flow between business units and auditors
- Track audit actions and drive remediation plans with stakeholders

**Business Continuity Planning (BCP)**
- Lead the update of Business Impact Analyses (BIA) and the implementation of business continuity testing
- Support documentation and training programs to ensure readiness across global functions
- Collaborate with business units/teams to assess disaster recovery capabilities and test outcomes

**ICT Risk**
- Collaborate with IT, Cybersecurity, and Compliance to strengthen ICT risk monitoring and enhance third-party risk management practices
- Support key risk reviews, coordinate penetration testing, and contribute to cybersecurity control enhancements
- Maintain oversight of ICT risk indicators and associated risk treatment plans

**Incident and Issue Management**
- Lead cross-functional business process incident reviews, ensuring swift resolution and clear post-incident analysis
- Promote a lessons-learned culture by helping teams identify root causes and implement preventative measures
- Maintain oversight of the issue register and contribute to reporting on emerging risks and systemic themes

**Audit and Risk Committee Secretary**
- Assist in preparing board and committee reports, particularly for the Audit and Risk Committee
- Draft meeting minutes for committee approval and regulatory engagements
- Track actions and activities arising from committee meetings to ensure progress and delivery of outcomes

**About You**
- Degree-qualified in Business, Finance, Risk, IT, or a related discipline
- Professional certifications such as CRISC, CISA, or equivalent are desirable
- 6-10 years of experience across enterprise risk, operational risk, or internal audit, preferably within financial services
- Exposure to GRC platforms and experience supporting system rollouts or enhancements
- Strong understanding of ICT and cyber risks, and associated control environments
- Experience in coordinating business continuity and operational resilience programs
- Collaborative mindset with demonstrated ability to influence across departments and regions
- Structured thinker with strong written and verbal communication skills
- Highly adaptable and able to manage multiple priorities in a fast-paced environment
- Commercially savvy with a solutions-oriented approach
- Curious, proactive, and committed to continuous learning and improvement
- Stro