Investigo's major client based in Staines is seeking an experienced IT Risk Manager to join an existing team. The role holder will be responsible for IT risk management; for compliance with applicable policies and standards and with applicable contractual, statutory and regulatory frameworks from an operational IT perspective; and for stakeholder management of risk owners and risk custodians.
- Manage the UK IT Risk Register. Ensure identified risks are owned, prioritised, escalated and managed in line with the UK Risk Management Framework.
- Act as a specialist risk business partner to the Insurance and Provision business units, providing support and oversight of their risk management activities.
- Conduct and manage IT risk assessments for the business, including advising the business of risks, identifying compensating controls and effectively measuring and communicating residual risks.
- Ensure appropriate relationships are maintained with IT departments in the UK business units by managing stakeholder requirements and ensuring risk management activities are completed.
- Conduct and manage risk assessments for new IT solutions being brought into the business.
- Represent IT Security and Risk on change boards, ensuring changes are suitably challenged for security and resilience risks and that roll-back plans are established.
- Prepare risk reporting information for parent committees such as the ITRC.
- Conduct application security risk assessments.
- Provide advice and consultancy in the IT Security and IT Resilience areas so that stakeholders and other team members can make informed decisions.
- Work with 2nd and 3rd line teams to ensure the assurance process is supported and resulting actions are remediated.

- Educated to degree level or equivalent.
- Extensive skills and experience across the IT spectrum, including IT infrastructure, IT Security and IT Resilience.
- 3+ years professional experience in carrying out IT Risk management and maintaining a risk register with skills in Cyber and IT Risk.
- Exposure to prevalent industry standards such as ISO27001, FCA, PRA, ICO, PCI-DSS, CIS, ITIL etc.
- Certified in relevant IT risk and security certifications, preferably holding at least one of CISM, CRISC or CISA.
- The role requires strong technical IT and IT Security knowledge, experience of risk management frameworks and operational risk management processes (e.g. NIST, ISO 27001, ISO 38500, CSC Top 20, COBIT 5), along with experience of assurance processes.
- The role holder will also support change management specialists in the risk assessment of new IT solutions.
- Experience working in a team-oriented, collaborative environment.
- Experience of IT Resilience strategies, such as disaster recovery and business continuity, for supplier assessments.
- Experience producing risk documentation such as risk assessments, risk acceptance and risk MI reports.
- Experience in planning and carrying out IT risk assessments, compliance and risk management activities.
- Experience of IT Resilience strategies, such as disaster recovery and business continuity, so that such risk types can be accurately assessed.