Job Description

IT Risk Manager

Key Responsibilities

  • Ensure design, implementation, and maintenance of internal controls for IT and data risk areas.
  • Provide assurance on control effectiveness through key indicators and regular reviews; coordinate and contribute to the Technology Risk and Cyber Security working group.
  • Report on IT and data controls framework health to committees, boards, and third-party groups.
  • Educate and consult with the organization on best practices for control design.
  • Conduct focused risk assessments for existing or new services and technologies.
  • Engage in agile planning and design sessions; help prioritize IT, security, and data risk items.
  • Advise technology, product, and service teams on risk management based on best practices, regulations, and legislation, ensuring security and data protection by design.
  • Implement appropriate controls for managing information and data risks; draft policies as needed.
  • Identify and implement risk mitigation solutions; assess residual risks.
  • Collaborate with second- and third-line-of-defense teams, including Group CISO, Insurance, Group Risk and Compliance, and Internal Audit teams.
  • Stay updated on best practices, regulatory changes, and legislation affecting the Insurance business; ensure alignment with FLOD activities.
  • Ensure effective security and data incident management practices; lead incident management for priority security and data incidents, coordinating with relevant parties.

Knowledge, Skills, and Experience Required

  • Practical knowledge of IT security technologies and business solutions (Firewalls, IDS/IPS, identity and access management, SIEM, remote working, cloud technologies).
  • Understanding of application security threats and countermeasures.
  • Knowledge of IT risk frameworks and experience deploying them (e.g., ISO 27000, COBIT, NIST 800).
  • Familiarity with legislation and regulations impacting information security (e.g., GDPR).
  • Experience managing security governance in AWS and Azure environments.
  • Ability to work within a security framework and use it for continuous improvement.
  • Experience in a FLOD role, preferably as an IT Risk Analyst or Manager in a regulated industry.
  • Evidence of continuous improvements in IT and Data Risk areas.
  • Ability to communicate security and risk concepts to technical and non-technical audiences.
  • Strong relationship-building and influence skills with internal and external stakeholders.
  • Analytical skills to challenge norms and identify opportunities for improvement.
  • Ability to balance commercial needs with security and data protection requirements.
  • Desirable qualifications: CISSP, CISM, CISA.

Eames Consulting is acting as an Employment Agency in relation to this vacancy.