IT Risk and Controls Manager

Location: London, Hybrid
Salary: Competitive + Benefits
Role type: Permanent
Hours: 35 hours
Main Purpose:
Effective management of IT Risks, and their associated Controls, is a key aspect of the maturing IT organisation but something that can be hard to achieve when relying on collective responsibility.
This role will demonstrate clear ownership for EITS Risk and Controls and deliver ongoing management of policies, procedures, risk reviews and a quarterly plan to address specific actions in this area. This is important to ensure consistency across all areas of the EITS department, that controls remain active and up to date and we align to Enterprise Risk governance.
Role Context
• The role is flexible in terms of location with remote (working from home within the UK) working available on a hybrid basis, attending the office as required by the role.
Main Responsibilities
The Risk and Controls Manager needs to hold a holistic view of EITS risks in the areas of Strategy, Security, Technology, Change Delivery and Operations. As the owner, the core of the role is to define and manage the governance processes needed to manage risks, mitigating controls and any related incidents, and to work with Leadership and Management to ensure these are integrated with wider EITS processes.
Working across the EITS organisation, supported by EITS Leadership, responsibilities include:
• Risk Management Framework: Develop and implement a comprehensive risk management framework that aligns with the organization’s strategic goals and objectives. This will be aligned to COBIT but also take into account other frameworks in use such as NIST and ITIL.
• Stakeholder Engagement: Engage with external stakeholders, including the Head of Risk Assurance, the Risk Assurance team and our internal audit partners, to ensure effective communication and compliance with risk-related policies and processes. Ensure that any change in regulation, that impacts EITS, is assessed and actions managed to completion.
• Risk Assessment: Identify, assess, and prioritize risks across EITS Pillars, including financial, operational, regulatory, reputational and strategic risks. Ensure these are documented in the appropriate Risk Register to a high standard and regularly assessed and attested.
• Risk Mitigation: Develop and implement risk mitigation strategies, controls and action plans to minimize potential negative impacts on the organization. Ensure that any required actions are maintained on the correct EITS backlogs and planned according to the EITS Change Delivery process.
• Policy Management: Establish a baseline of IT Policies, Processes and Standards. Develop a policy management process that maintains that baseline based on both the needs of the Business and required alignment to changes to meet regulatory and compliance needs.
• Risk Reporting: Prepare and present regular risk reports to EITS Leadership and Management, highlighting key risks, trends, and mitigation strategies. Establish a reporting line to Enterprise Risk Assurance, and relevant governing bodies, and provide reports to the correct level and cadence.
• Major Incident Reporting: Own the Major Incident Reporting process. Lead the post-incident activity to ensure all Major Incidents are documented in line with Enterprise Risk guidelines and deliver a report to the MDU Executive detailing the incident, root cause and follow-on actions. Manage a backlog of follow-on actions and track them to completion.
• Training and Awareness: Develop and deliver risk management training programs and workshops to enhance risk awareness and capability across the department.
• Collaboration: Represent IT Risk within the MDU to ensure that new risks being introduced by new Projects, or other business activity, and any changes to existing risks, or controls, are transitioned into the EITS Risk Register, documented correctly and managed in accordance with EITS process.
• MDU Audits: Work with Risk Assurance to establish a backlog of planned audits that is scheduled in accordance with EITS delivery processes. Assist internal, and external, audits by co-ordinating required interviews and the provision of artifacts for the EITS department.
Skills and Experience:
• 5+ years’ experience in an operational risk management, compliance, or governance role within financial services or a highly regulated sector (for example Pharma).
• Demonstrable working knowledge of common IT processes and department functions.
• Working knowledge of a recognised Risk Management Framework, such as NIST, or as part of a more general framework such as COBIT.
• Excellent communication and influencing skills, with the ability to engage stakeholders at all levels.
• Experience in building risk dashboards and analytics.
• Proficiency in Microsoft Office tools (Excel, PowerPoint, Word).
• Working towards or have achieved a risk qualification.
Personal Qualities:
• Able to challenge, and influence, Senior IT Management in order to achieve a necessary goal.
• Able to work on their own initiative to identify tasks, but also collaboratively in order to complete them.
• Tenacious ability to see a task to completion, especially when working on an isolated task.
• Process-driven mentality.
• Keen eye for detail and a determination to see tasks through to a conclusion.
• Able to work in a process-driven environment and to apply the necessary processes and policies consistently in day-to-day work.
• Ability to provide constructive coaching to others.
• Collaborative mindset and a passion for continuous improvement.
You may have experience in the following: IT Risk & Governance Manager, Enterprise IT Risk Manager, Technology Risk Manager, IT Risk Assurance Manager, Information Risk Manager, IT Operational Risk Manager, Technology Risk & Compliance Manager, etc.