Description:
- Work with the OCIO Risk & Security team, embed the Technology Risk Management Framework (IMMMR) including operational support for key risk processes (RCSA, risk registers, risk exceptions and acceptance, audit and risk findings, and emerging risks)
- Support a strong risk culture through risk awareness including risk and controls ownership that drives risk-based prioritisation and informed decision making
- Lead and motivate a team, managing the performance and development of direct reports and ensuring alignment with the European Technology strategic direction. Ensure robust succession planning across the team and use talent management strategies to build and retain capability.
- Build a complete picture of the CTS risk landscape including its exposure versus tolerance limits, control design and effectiveness and management response
- Develop and support implementation of risk maturity and multiyear remediation roadmaps for CTS to comply with requirements within agreed timescales including risk priorities and commercial considerations
- Provide full oversight, coordination, and direction of first line risk management activities within CTS:
  - All aspects of the risk management framework (IMMMR)
  - Risk governance
  - Enhancing risk awareness and culture
  - Technology resilience (DR, BCM, crisis management and emergency response)
- Ensure compliance with individual legal entities as necessary to meet their specific regulatory needs.
- Manage attestations and compliance reporting for CTS including the Annual Regulatory Compliance Management Statement
- Engage closely with the CTS leadership team and the Office of the CIO Risk & Security team to ensure full line of sight across all risk related activities, managing priorities, and ensuring delivery to meet the obligations and responsibilities set out in the parent group (Lifeco) Technology Risk Management Policy and associated policies and standards to support the European business segment
- Manage significant senior relationships and stakeholders, including engagement with LifeCo, senior executives across the European segment and presentations to executive and board forums.
The Person
The ideal candidate will bring:
- Significant experience in managing risk within an IS organisation (first or second line of defence)
- Experience in a complex large organisation across multiple geographies.
- Deep knowledge and experience of IT infrastructure and Technology risk
- Experience in using risk methodologies and frameworks
- Experience in risk assessments and planning roadmaps of activity to mitigate risk
- Ability to interpret data to determine if the organisation is exposed to technology risks
- Proven ability to encourage full participation and commitment among teams
- Ability to manage competing priorities effectively and fairly
- Understanding of security technologies, risks and emerging threats.
- Broad knowledge of the elements of operational infrastructure involved in tailoring appropriate security solutions to client specific requirements.
- Specifically for this role, the incumbent should have skills in managing security technologies, service management, capacity planning, risk management, product/service lifecycles and portfolio management. The incumbent should have the ability to effectively manage, grow and develop others, utilising appropriate self and people management techniques and practices.
- Ability to partner with and relationship manage senior stakeholders to manage expectations and influence business goals to achieve successful outcomes.
- Experience in presenting to and reporting to senior executives and executive committees.
- The ability to set clear and challenging goals while committing the organisation to improved performance, tenacious and accountable in driving results.
- The ability to use a combination of logic, analysis, experience and wisdom to solve complex, difficult problems in a timely and innovative way.
- Third level qualification in Information Security or IT, or equivalent work or education-related experience preferable.
- CISM (Certified Information Security Manager), CISSP (Certified Information Systems Security Professional), CISA (Certified Information Systems Auditor) or other industry recognised certifications.