IT Risk Manager

• FLOD Accountability: Own all FLOD activities, processes, and improvements for technology and data assets, collaborating with relevant stakeholders
• Control Design & Assurance: Ensure internal controls for IT and data risks are designed, implemented, and maintained. Provide assurance of control effectiveness through indicators and reviews
• Reporting: Deliver regular updates on IT and data control health to committees, boards, and relevant third parties
• Education & Consultation: Advise on best practice control design and risk management across technology, product, and service teams
• Risk Assessment: Conduct focused risk assessments for new and existing services and technologies
• Agile Engagement: Participate in planning and design sessions, helping prioritise IT, security, and data risk items
• Policy & Control Implementation: Identify and implement appropriate controls, maintain draft policies, and improve risk posture through remediation and mitigation strategies
• Collaboration: Work closely with Group CISO, Insurance and Group Risk & Compliance, and Internal Audit teams
• Continuous Improvement: Stay updated on regulatory and industry changes, mature the IT and data risk framework, and pursue recognised accreditations
• Incident Management: Ensure robust security and data incident practices, lead resolution of priority incidents (P1/P2), and coordinate with internal and external stakeholders

• Strong practical knowledge of IT security technologies and business solutions, including firewalls, IDS/IPS, identity and access management, SIEM, remote working, and cloud technologies (AWS and Azure)
• Solid understanding of application security threats, current and emerging information security risks, and organisational challenges in addressing them
• In-depth knowledge of IT risk frameworks and experience deploying them for business advancement, regulatory compliance, and security management (e.g., ISO 27000, COBIT, NIST 800)
• Familiarity with legislation and regulations impacting information security, such as GDPR
• Ability to work within and leverage a security framework for continuous improvement
• Demonstrable experience in a First Line of Defence (FLOD) role, ideally as an IT Risk Analyst or Manager in a regulated industry (preferably Insurance)
• Proven track record of delivering continuous improvements in IT and Data Risk areas
• Comfortable operating in a fast-paced, commercially focused environment
• Strong communication skills to explain security and risk concepts to both technical and non technical audiences
• Ability to build relationships, influence decisions, and overcome organisational barriers to achieve goals
• Excellent analytical skills, with the ability to challenge norms and take a pragmatic approach, balancing commercial needs with security and data protection requirements
• Ability to identify, assess, and communicate risks, driving objective, fact-based decisions that optimise risk mitigation and business performance

Professional certifications such as CISSP, CISM, and/or CISA are desirable