Technology / Cyber Governance, Risk and Compliance - London, United Kingdom - eFinancialCareers

eFinancialCareers

Verified Company

London, United Kingdom

3 weeks ago

Posted by:

Tom O´Connor

beBee Recruiter

Description

Technology / Cyber Governance, Risk and Compliance Manager
12 month Fixed term contract

Exciting opportunity to join a leading insurer in the city of London as a Technology / Cyber Governance, Risk and Compliance Manager.

If you have experience on the development/implementation of technology risk framework and processes this could be the idealrole for you.

This is a crucial position to the function to establish a detective and preventive control framework over security threats, as well as to operationalise control assessments.

Positioned within the Operational Risk Management team, the main purpose of the Role is to design, implement and manage the company's Cyber Governance, Risk & Control (GRC) policy and framework.

The position is responsible for risk oversight and challengeof 1st-line cyber security controls, ensuring all risk & assurance activities combine.

Responsibilities include:

Develop, implement, and continuously review the Cybersecurity Risk Management Policy, Framework and Control Environment.
Define acceptable control maturity, required to achieve operational risk tolerance. Act as 2nd line representative for cybersecurity programme oversight.
Act as the company's focal point with PRA, Lloyds and other, relevant market and national regulators; collating reports and ensuring controls and remediation align with regulatory expectations.
Ensure successful definition and implementation of the 2nd Line of Defence (LoD) Information Risk management within the Operational Risk framework in accordance with risk management policies and the 3 LoD model, with a specific focus on information securitycontrol framework
Be the key contact for the Risk & Control Self-Assessment (RCSA) process and have continued dialogue with information security control owners
Perform business reviews to assess the level of internal control, and demonstrate that risks are managed within risk appetite, and advise management of the results and recommendations
Ensure successful implementation of information security risk management framework through deep dives, risk control selfassessment (RCSA), management actions, and development and testing of formal internal controls
Develop, monitor, evaluate and report key information security metrics to provide management with accurate and meaningful information regarding the effectiveness of the information security controls (design and operation)

Skills required:

Bachelor's and/or Master's degree in Information Technology, Cybersecurity, or similar/equivalent education or experience
Extensive experience in Information Security Risk Management
Practical and applied knowledge of the main information and cybersecurity frameworks such as ISO 27001/ISO 27005, NIST Cybersecurity Framework, and general legal and regulatory framework such as EU GDPR, EU NIS 2, etc
Experience of working within or alongside key Operational Risk processes in a first or second line of defence capacity and understanding of the principles of risk management
Excellent stakeholder management skills, including technical members of staff and senior executives as well as a proven track record of constructive business partnering approach and negotiation/positive influencing skills.
Ability to understand and analyse business processes and technologies to make sound recommendations to nontechnical constituents
Use and knowledge of Governance, Risk and Compliance platforms preferred.
Familiarity with the management of operational risk within the financial services sector, prior experience working in a financial services industry would be advantageous