Operational Risk & Resilience Architect

Location: London (Hybrid, 3 days on-site - City of London)

Duration: Contract (6-9 months initially with potential for extension)

Key Essential Skills:

• Strong architecture experience - mapping as-is and to-be states, defining transformation pathways, and developing target-state architectures that align with business strategy.
• Proven experience in Operational Risk and Resilience frameworks within large, regulated financial environments.
• Deep exposure to Governance, Risk & Compliance (GRC) tools and frameworks - understanding how policies, controls, and data constructs InterconnecT (eg DORA, MiFID II, SOX, ISO22301).
• Strong knowledge of technology architecture principles and how they intersect with risk and resilience objectives.
• Proven ability to manage and influence senior stakeholders, gaining alignment across Risk, Compliance, and Technology leadership teams.
• Experience working across the three lines of defence, partnering with Risk, Compliance, and Architecture Governance functions.
• Excellent communication skills, capable of articulating complex architectural and risk concepts to both technical and non-technical audiences.

Desirable Skills

• Prior experience in operational resilience, technology risk, or enterprise architecture within financial services.
• Familiarity with enterprise architecture and control frameworks (TOGAF, SABSA, NIST).
• Hands-on experience with resilience testing, RCSA, or control design.
• Exposure to GRC tooling ecosystems such as MetricStream, ServiceNow GRC, or Archer.
• Background in consulting or transformation programmes, particularly around risk and compliance integration.
• Understanding of automation, metrics, and control assurance tooling.

Overview:

We have an exciting opportunity for an experienced Operational Risk & Resilience Architect to join Thebes Group, supporting a major financial institution in defining and delivering its next-generation risk and resilience architecture.

This strategic and hands-on role combines architectural strategy, GRC enablement, and stakeholder influence. You'll be responsible for assessing the current ecosystem, designing the target-state architecture, and shaping a pragmatic transformation roadmap that connects technology, controls, and business outcomes.

Working across Risk, Compliance, and Technology, you'll ensure that resilience, control effectiveness, and governance are Embedded into every layer of the organisation's operating model. The ideal candidate will demonstrate the credibility, confidence, and influence to bring diverse senior stakeholders together behind a unified architectural vision - turning regulatory and risk requirements into practical, measurable design outcomes that enhance organisational resilience.

Role & Responsibilities:

Architecture & Target State Design

• Assess the current ( as-is ) architectural landscape and define a clear, actionable ( to-be ) target state.
• Map the transformation journey - immediate improvements, medium-term priorities, and long-term strategic objectives.
• Develop architectural blueprints that align technology solutions with enterprise goals, regulatory expectations, and resilience outcomes.

Risk & Resilience Framework Design

• Design and implement enterprise-level operational resilience frameworks aligned to DORA, PRA SS1/21, ISO22301, and related standards.
• Define and document risk control architectures, ensuring processes, technologies, and controls align with risk appetite and governance requirements.
• Develop and maintain control taxonomies, impact tolerance metrics, and resilience testing methodologies.

GRC & Control Integration

• Leverage experience with GRC tools and data models to integrate policies, controls, and standards within enterprise architectures.
• Connect regulatory compliance, operational risk, and technical controls into a cohesive architecture.
• Collaborate with Risk and Compliance to ensure consistent control application and traceability.

Governance & Oversight

• Partner with Operational Risk, Compliance, and Architecture Governance teams to ensure consistent application of resilience and control principles.
• Support RCSA processes, control assessments, and governance reviews.
• Produce and present risk and resilience dashboards, reports, and architectural artefacts to senior stakeholders.

Stakeholder Engagement & Influence

• Manage upwards - influencing senior stakeholders with clarity, credibility, and confidence.
• Build alignment across functions through a balanced and collaborative approach to change.
• Act as a trusted advisor, providing architectural insight that drives business confidence in transformation decisions.

Importance of Influence:

Beyond technical and architectural capability, the ideal candidate will possess the ability to influence through confidence and credibility - guiding senior stakeholders toward consensus and adoption of the architectural vision. They will not only design the path forward but bring others along with it.

Outline Thebes Group:

Thebes Group is a leading UK wide IT infrastructure technology consultancy. We are well-known for our extensive talent pool of highly competent IT professionals and exclusive Academy programmes, which provide a great opportunity to undertake technical training in core disciplines. Thebes work with a number of leading vendors, Government, financial institutions and insurance companies including investment banks, brokers and hedge funds.

Thebes does IT solutions & services differently from most other IT service providers. As an Assured Outcome Provider (AOP) we have spent fifteen years willingly sharing the client's risk with them by focusing on outputs (ie quality service & solutions and ROI) rather than inputs (ie pricelists and headcount). We do this by fitting our skills, solutions & capabilities to needs, augmenting our staff with enthusiastic professionals from our Academy programme and remaining flexible as our clients' needs change.