RSA, London, Greater London
Group Technology Risk & Compliance Manager
Overview
Job Description

The purpose of this role is to provide 1st line Technology Risk and Compliance oversight at Group level for RSA's technology risk position (including Data and Information Security), and to support senior management in their understanding, assessment and management of key risks and issues.

Role Requirements

Through proactive engagement and support, the presentation and explanation of relevant knowledge and effective insight, and the provision of SME advice and recommendations, the role holder will:
- Enable and support senior management in understanding both the 'current state' of the principal risks, controls and issues at Group and regional level, and the impact of potential adverse events on the current state of the principal risks, controls and issues (and, where appropriate, new/emerging risk).
- Enable effective business decision making in the delivery of agreed strategy and objectives.
- Take responsibility for day-to-day management of Group-wide IT policies and standards (Data Management, Information Technology, Cloud and End User Developed Applications (EUDAs)).

The role will ensure that, where it is appropriate to do so, Group-wide IT policies, risk and control frameworks, methodologies and reporting are developed, standardised, optimised and consistently applied across the regions to leverage external and internal best practice, and to provide clear, accurate and compelling insight to senior management, primarily at C-level executive and Board level.

Responsibilities
- Provide proactive and effective oversight - and, where appropriate, challenge - of the technology risk management frameworks, methodologies, processes, assurance, remediation and reporting activities across the regions. Focus on identifying and leveraging best practice, enabling effective integration/aggregation, and mitigating potential business impacts through leading collaborative working, joined-up thinking and prioritisation across the regions.
- Manage IT Policy (and associated Standards) compliance activities across the Group. This includes:
  - Ongoing Group-wide policy oversight
  - Initiation and review of policy management activities in the regions, i.e. gap analysis
  - Review and challenge of policy gap remediation plans and risk acceptances
  - Review of regional control validation plans to ensure adequate coverage
  - Review of regional control validation outcomes
- Analyse technology risk and control information to provide SME insight and inform better business decision making amongst senior management.
- Work with key technology stakeholders to help identify, define and prioritise pragmatic and efficient remediation activities in relation to risk and control issues identified globally, enabling timely closure and risk mitigation.
- Through the IT Risk Appetite framework, develop, embed and maintain agreed principal risks and an appropriate key controls framework; embed consistent, repeatable and sustainable risk management and control validation processes.
- Support and challenge regular regional Risk Appetite and KRI submissions and assessments across the regions concerning the adequacy and effectiveness of the technology principal controls environment.
- Work effectively with the regional technology, data management and information security teams, as well as 2nd line risk and Internal Audit functions (i.e. GIA) and senior stakeholders, to develop/enhance, embed and maintain effective governance mechanisms across the board to support effective risk and controls management, i.e. policies, standards, procedures/processes, guidelines, forums, reporting, metrics etc.
- Provide relevant SME risk support/inputs where required to Group-led IT projects/programmes, audits and controls validation.
- Inform and support ongoing education and awareness activities around agreed policies, frameworks and governance across the regions to ensure ongoing integrity, sustainability, consistency and operational resilience.
- Support senior management in their engagements with external auditors and/or regulators through the provision of SME advice/recommendations/insight.

The Individual
- Strong and relevant experience in technology risk and controls management within the financial services industry (related leadership and/or team management capability is desirable)
- Relevant academic and/or industry qualifications, e.g. IRM, CISM, CISA
- Excellent knowledge of relevant industry frameworks, e.g. ISO, NIST, COBIT, ISF, ITIL etc.
- Happy to challenge the status quo
- Stakeholder management (all levels)
- Diplomacy and negotiation
- Strong/proactive engagement and communication skills
- Strong judgement
- Personal and professional integrity and credibility
- Strategic planning and connected thinking

About Us

As the world evolves, so do the needs of those we serve, and we must respond with an agile yet resilient business that always strives to do better. We are one of the world's longest-standing general insurers, providing peace of mind to individuals and protecting small businesses and large corporations from uncertainty. We use our capabilities to anticipate and exceed customer expectations and improve outcomes for customers via our direct channel, our broker relationships or partner organisations. We have established leadership positions in Scandinavia, Canada, and the UK & International (which includes Ireland and the Middle East). In 2018 our net written premiums were £6.5 billion. See our 2018 Annual Report and Accounts for more details on our financial performance.

This job was originally posted as www.totaljobs.com/job/89685609