IT Risk Manager

The Audit Risk Recruitment Company (ARRC)* has been exclusively mandated to assist our client, a reputable insurance business, in their search for an IT Risk and Controls manager.

Reporting directly into the CISO, this is a second line risk role, assessing system risk around areas such as settlement and adjustment claims, mutual funds, IT product supplier risk and investment management. You will also be working closely with the internal audit function to cover technology related audits so internal audit experience is also of benefit for this position.

This is an exciting opportunity for an IT Risk / Audit professional to join a collaborative and forward-thinking business with opportunities to progress within technology development and securities.

The role has global responsibility and will require the occasionally trip to South America (subject to restrictions being lifted)

Role Responsibilities

• Support the development and maintenance of a risk and controls culture across the business, including continuous communication with controls operators and owners across the IT function
• Champion Risk Management across the business units, supporting the identification and assessment of IT Risks
• Manage the IT Controls framework, including planning, documentation, testing of IT Controls, and any follow-ups to ensure mitigation of any failures and weaknesses.
• Review, evaluate, and document internal controls, including the adequacy of documentation and design effectiveness assessment through review of documents and meeting Control Owners
• Responsible for monitoring compliance to the ISO27001 framework globally and lead the global ISO27001 certification process, including management of surveillance audits
• Undertake routine discussions with key stakeholders on IT control testing outcomes and action plans and ensure risk remediation/control improvement objectives are addressed by the actions
• Perform the testing of Design, Implementation and Operational Effectiveness of Internal Controls, including those managed by third party suppliers
• Work with colleagues to plan and execute audits to a high quality to provide audit assurance and insights over the highest technology risk and support the delivery of objective, concise and insightful audit reports on the effectiveness of the framework of controls for each audit

Required experience

• A background in IT Service Management, particularly in the running of IT Service Operations within second or third lines of defence
• Demonstrable experience in Information Technology audits or IT Assurance (e.g. CISSP, CISM, CISA, CRISC)
• Strong interpersonal, communication and influencing skills with the confidence and ability to operate effectively at all levels including third parties and external customers
• Experience of managing ITIL Service Operations (Service Desk, Change, Incident, Problem etc) and introducing improvements to those operations
• Ensure controls are aligned to GDPR (Information security, process reviews & systems)
• Experience of MI / Data Analytics / Reporting and experience of ServiceNow toolset an advantage
• Commercial experience of negotiating and managing contracts
• Experience of managing strategic relationships with a long-term perspective
• Experience of supplier risk assessments, and ideally of performing onsite supplier control tests
• A sound understanding of British and International Security Standards (e.g. ISO/IEC 27001, ISO/IEC 27002, NIST, CIS-20, PCIDSS) and the UK regulatory environment (e.g. ICO, FCA, PRA and CQC)

*The Audit Risk Recruitment Company - Experts in Audit and Risk