IT Risk Manager
- Company Info
Working here is about being there for our customers; we’re available should the worst happen and we work together to enable social and financial equality across the UK. But it’s also about you – how you develop and what you can achieve. We’ll help your talent thrive in an environment where you’ll be supported to work flexibly and autonomously, sharing in our success and rewarded for a great performance with a generous benefits package.
- Department Info
With around one million customers, our retail business helps turn customers’ pension savings into lifelong retirement income and our corporate business looks after our defined benefit pension schemes ensuring they are effectively managed to protect against risk and achieve their maximum potential.
We are an equal opportunities employer and welcome applications from all suitably qualified persons regardless of their race, sex, disability, religion/belief, sexual orientation, gender identity or age.
- Job Duties
Purpose of role:
- Reporting to the Legal and General Home Finance Head of IT Operations, the role sits with Technology as a 1 LOD (First Line of Defence) and will provide IT Risk Management expertise and guidance.
- The role holder will deliver subject matter expertise to design and deliver IT Risk Management initiatives and processes that are aligned to the IT Operational Risk Management framework. The role will include seeking stakeholder engagement and approval, managing communication to ensure that IT and Change are recorded, delivered and run with the appropriate focus on IT risk and control.
- Work with the Second Line of Defence IT Operational Risk Manager and IT stakeholders within Group IT and local IT and Change to develop and implement First Line of Defence IT Risk Management activities in order to adequately identify, assess, respond to, monitor and report on IT Risk.
- Responsible for identifying and assessing IT risk. This will include identifying and assessing changes that could impact the effectiveness as well as the identification and assessment of changes that require new controls as well as completing IT risk and control assessments and ensuring IT risk maps are complete and accurate in OSX.
- Develop and implement an IT Risk reporting pack that includes IT Risk KRIs and KCIs, both lead and lag. Set up and operation of an IT Risk Committee (ITRC) including defining and agreeing the ToR, escalation criteria and the reporting that will be used for the ITRC. Understand and disseminate the existing and any new compliance standards.
- Ensure IT risk and controls are aligned with regulatory and compliance requirements and L&G Group IT standards (Security/Governance/Data Protection) and L&G Group Risk controls.
- Ensure all IT Risk documentation and controls are relevant and updated as and when necessary. Responsible for ensuring OSX is maintained, updated and all necessary approvals are given for all IT technology risks
- To work with the BCP team in ensuring the IT accountabilities are appropriate, defined and achievable and IT Risk(s) is logged, assessed, impacted and have appropriate ownership
- To ensure all IT Risk(s) for IT suppliers providing a DR capability are appropriately logged, reported and actioned and align to the expected DR standards.
- Ensure all IT suppliers have appropriate DR capability and can evidence DR test results
- Ensure the IT DR plan(s) is appropriately assessed for IT Risk and all risks are logged and reported as appropriate with risk owners
- To be accountable for ensuring all IT audit actions are logged and action owners and plans are in place to remediate the audit issues within the appropriate timescale
- Assess, impact and document the impact of the IT Risk(s) identified from audit actions
- Develop and implement general controls over IT, including supporting policies and procedures. Works with Group IT where these IT Controls sit within Group to ensure they are appropriately mapped to the correct risk profile. Establishes and builds relationships with Group IT peers in order to obtain a view on the whole IT control environment and manage its impact on the IT risk profile. Responsible for ownership for risks, responses, issues and action plans
- Skills Required
- Educated to bachelor’s degree level or equivalent experience
- Relevant professional qualifications in one or more of the following ITIL, COBIT, CRISC, CISM, CISA and CGEIT
- Ability to see where gaps exist in Risk Management activities and to have the ability to set up new activities.
- Knowledge and experience of BCP/DR plans
- Knowledge and experience of managing suppliers including the definition and reporting of appropriate KPIs and metrics
- Knowledge and experience of creating a risk control framework and the appropriate reporting
- Broad knowledge of delivering technology change across all project delivery methods
- Knowledge and experience of aligning to IT Security, Governance and IT policies and procedures
- Knowledge of a broad base of technologies
- Understanding of the Business Change life-cycle
- Background of governance responsibilities in general and in particular to Audit, Compliance and Group Risk
- Understanding of contract negotiation and contract/supplier management best practices
- Experience of Operational IT principles and practices
- Understanding of architecture principles across business, infrastructure and technical architecture
- Experience in Technology Risk Management in 1st, 2nd and 3rd line
- Experience in the operation of technology controls (IT Service Management operational procedures)
- Experience in highly regulated environments (FS or Insurance etc)
- Understanding of operational resilience, risk control frameworks, IT Risk reporting, Risk, Audit and control assessments
- A broad understanding of the UK regulatory expectations for corporate governance, risk management, IT control environments and operational resilience.
- Experience in working collaboratively with technology and business leaders
- Demonstrates ownership, helpfulness, willingness and determination
- Excellent Stakeholder management and communication skills
- The candidate will have the ability to lead themselves and to obtain stakeholder buy-in to see initiatives through to completion
Whatever your role, we reward ability, performance and attitude with a package that looks after all the things that are important to you. Our employees have a wide range of benefits including a generous pension scheme, life assurance, 27 days' holiday, private medical insurance, performance related bonuses, a variety of share schemes, and discounts at both a huge range of high street stores and our own great products. Your hard work will be rewarded when you join us.
For more details, please contact Helen Brockbank - Resourcing Lead - firstname.lastname@example.org