SKILLS & EXPERIENCE

• Externally recognised relevant professional/ industry certification and membership (e.g. CISSP, CISM, CISA, BCI, ACII) is essential
• Must have relevant experience in technology, data, and information security risk management, with a focus on change management, application development, Cloud and Artificial Intelligence, with proven track record especially within a regulated industry sector.
• Experience in experience of working with digital and automated process environments, including payments processing, is preferred.
• Experience in the 2nd Line of defence is preferred, including in running reporting frameworks and understanding and meeting the risk management requirements of Executives, Risk Committees and Boards.
• Significant breadth of experience and knowledge of Life and Pensions or broader Financial Services
• Excellent understanding of relevant legislation, standards and frameworks with regard to technology, data and information security risks and related control environment.
• Excellent technical knowledge of hybrid network environments, specifically considering Information Security, ICT and Cloud risks.
• Good understanding of current Application Development standards, including Artificial Intelligence/ Robotic Process Automation technologies and the associated risks.
• Exemplary relationship management skills and knowledge.
• Excellent communication, including presentation, and report writing.
• Strong understanding of risk management practices and their application. Ability to identify emerging risks and to drive understanding and management.
• Good understanding of regulatory context for operation of risk management, including FCA (Financial Conduct Authority) handbook and Solvency 2 Directive requirements relating to technology, data and information security risks.
• Strong delivery focus and organisational/ project management skills to coordinate and deliver plans to agreed timescales.

ABOUT THE ROLE

As the IT Senior Risk Manager you will support the Director of Enterprise Risk, the Chief Risk Officer, the Chief Digital Information Officer, and other Executives and senior management in developing and maintaining an appropriate and resilient technology and data risk management framework.
You will also provide independent and proactive advice and challenge to 1st Line identification, measurement, management, monitoring, and reporting of the Group’s technology risks, including in large change and transformation initiatives.

RESPONSIBILITIES

• You will support the Director of Enterprise Risk in developing, educating and embedding risk management practices and culture within Just that support our risk appetite and strategic goals.
• You will act as senior risk partner to the Just Delivery organisation, including Technology and/ or Data and/ or Architecture and the attendance and support of Senior Management Team meetings and associated risk reporting for those parts of the business and associated Group entities.
• You will provide trusted advice to key stakeholders, including the Executive and senior management and across 1st and 2nd Line colleagues, on the steps that should be taken to maintain technology, data and information security risks managed at a level that is consistent with the Group’s risk appetite and in line with legal and regulatory requirements.
• You will support the delivery of the Group’s Internal Model for Operational Risk through the development and maintenance of technology, data, and information security risk scenarios with risk owners and other key stakeholders.
• You will be responsible for establishing an environment of trust and open communication which will establish a cohesive spirit across 1st and 2nd Line colleagues.
• You will oversee the adequacy of technology related risk mitigation for new and existing business activity, including large change and transformation initiatives.
• You will develop proficiency in the use of the Group’s risk management systems and tools and in supporting the Just Delivery organisation in the identification, assessment and reporting of risks at departmental level.
• You will take responsibility for ensuring you comply with the company’s procedures, policies, guidelines and reporting requirements as well as any relevant regulatory and statutory requirements.
• You will provide guidance and support to other team members on IT risk management best practices.
• You will stay up-to-date with the latest developments and trends in IT risk management.