This is an exceptional opportunity to join a thriving business with an outstanding brand, strong social values, a continued track record of growth, and a contented workforce.  The role in particular is attractive for a variety of factors. There is strong internal demand for additional expertise to drive further development of IT risk management practices across the group. The role provides routine, engaging exposure to a variety of business divisions, IT teams, 3rd party suppliers, innovative IT / digital initiatives, and cloud technologies where an individual with the right expertise can significantly influence change.

As a member of the IT Operational Risk team situated within Group Shared Services IT and functionally aligned to group and business division Risk functions, the ‘IT Operational Risk Manager - Group’ provides 2nd line of defence IT risk specialist oversight (advisory, review, and challenge) over 1st line IT risk management activities for group functions and business divisions. The role line reports to the ‘Operational Risk Consultant IT’.  The purpose of the role is to limit the occurrence and business impacts of adverse events, while contributing to business success through management of IT Operational risk.

1. Develop and maintain proactive working relationships directly with all levels of management across business divisions and group functions (i.e. including other 2^nd line risk specialists, e.g. Chief Information Security Officer (CISO) Office, Conduct Risk teams, Division Operational Risk teams) to ensure on-going timely identification, assessment, and management of IT operational risk across the business divisions and functions, in-line with internal, legal and regulatory requirements.  This will include IT Security and Cyber risk within Information security.
2. Advise business / IT management in understanding the entirety of their IT risk landscape, proactively develop the definition of risk appetite / Key Risk Indicator(s) and other reporting to monitor those risks, and advise on strategies to address items outside appetite.
3. Oversee the management and maintenance of risk processes and systems used to identify and monitor control effectiveness for key risks, and to ensure control deficiencies are addressed by management on a timely basis through mitigating actions and/or informed risk acceptance.  Ensure awareness and training on risk processes are undertaken where required.
4. Represent Operational Risk by attending and challenging at key governance meetings (e.g. key 3^rd party IT supplier service & risk governance committees, IT Risk & Compliance Committee).
5. Take the lead oversight role in ensuring that the appropriate controls are in place for any new or emerging technology delivered.  This includes representing Operational Risk & Compliance / Conduct risk in review and approval of any proposed or existing uses of externally hosted technologies (included cloud services) as part of an existing hosting governance process.
6. Provide review and challenge of high priority security, infrastructure and applications IT change projects and programmes.
7. Act as a key operational point of contact for internal and external audit with management, ensuring recommendations are comprehensively reviewed and implemented. 
8. Work alongside the Conduct Risk & Compliance functions in assessing and pursuing the risk implications of FCA / PRA regulatory requirements with respect to management of IT Operational Risk.
9. Work routinely with other IT Operational Risk specialist resources across the group as a functional team to:

1. share specialist skills / knowledge
2. help to ensure specialist resource organizational coverage / redundancy
3. develop and maintain a common / shared approach to IT risk oversight, standard reference controls, reporting, and sharing of best practices
4. represent IT Operational Risk in group wide initiatives, working groups, and/or other committees from time to time

10. Ensure technical and professional risk management expertise is developed and maintained.

Ensure IT risk management activities include due consideration to impacts and fair treatment of customers.

Qualifications, Knowledge and Skills:

Graduate or equivalent education / background

CISA, CRISC or equivalent experience.

Desirable: CISM, CISSP, ITIL, CoBIT 5

Knowledge:

Expert knowledge in IT Risk Management: definition / design of risk appetite and other risk management metrics & information, Key Risk Indicators (KRI’s), risk assessment methodologies, policies, standards, controls, controls testing/monitoring, assurance, internal / external audit, regulatory, lines of defence risk framework.

Broad knowledge across all aspects of Information Technology management in a professional enterprise environment, also with in-depth expertise in at least a three of the following areas:

1. IT Change: application / mobile / web development, systems development life cycle, project management (agile and waterfall methodologies), software quality
2. IT Operations: production support & service  (Service Level Management, Quality Assurance, Software Asset Management / Licensing, Configuration Management, Service Desk, Command Centre, Problem / Incident Management, Resource / Capacity Planning)
3. IT Infrastructure engineering & systems administration (networks (firewalls (Cisco, Juniper), routers, Intrusion Prevention / Detection), mainframe, client computing, wintel server, domain controllers/active directory, iSeries / AS400, VMWare (Virtual Center & ESX Server), Citrix, Linux/Unix, Network Attached Storage (NAS), Storage Area Network (SAN), Backup, Batch Services, Middleware, Webhosting (IIS, iPlanet / SunOne, Websphere, Weblogic, Apache), Database administration (Oracle, Sybase, SQL Server (RDBMS), DB2)
4. Cloud Architecture (e.g. AWS, Microsoft Azure)
5. IT Procurement and 3^rd party supplier oversight
6. IT Security, Cyber Risk, Identity & Access Management (IAM)
7. IT Strategy & Architecture
8. IT Finance & Resource planning
9. IT Resilience: business continuity, disaster recover

Knowledge in a variety of financial services businesses and operating environments are preferable, particularly:

• Banking (retail, commercial, institutional, or private)
• Asset Management
• Insurance
• Pensions, annuities
• Property fund management (commercial & residential) & development
• Note that adaptable, otherwise exceptional candidates with a background in other sectors can be successful in this role.

Good to exceptional knowledge in IT outsourcing (3rd party IT suppliers) relationship management and supplier oversight is required.

Desirable: some effective background in IT "hands on" experience in other types of IT roles (e.g. development, business systems analyst, software testing, project/programme manager, production support, IT relationship manager, etc.)

Skills:

1. Strong analytical skills, enquiring mind, with a tenacious approach; accurate with attention to detail and facts.
2. Ability to communicate and influence clearly and effectively. Confident and able to present in structured manner.
3. Ability to build effective relationships
4. Strong organisation skills and drive
5. Microsoft Office

• Word – advanced user
• Excel – advanced/power user

Powerpoint – intermediate user

Whatever your role, we reward ability, performance and attitude with a package that looks after all the things that are important to you. Our employees have a wide range of benefits including a generous pension scheme, life assurance, 30 days' holiday, private medical insurance, performance related bonuses, discounts at both a huge range of high street stores and our own great products, as well as a 12% car allowance scheme, your hard work will be rewarded when you join us.

For further information about the role, please contact Lynn Morriss, UK Resourcing Lead, at lynn.morriss@landg.com