IT Risk Manager
- Company Info
- Working here is about being there for our customers; we're available should the worst happen and we work together to enable social and financial equality across the UK. But it's also about you - how you develop and what you can achieve. We'll help your talent thrive in an environment where you'll be supported to work flexibly and autonomously, sharing in our success and rewarded for a great performance with a generous benefits package.
- Department Info
- With around one million customers, our retail business helps turn customers' pension savings into lifelong retirement income and our corporate business looks after our defined benefit pension schemes ensuring they are effectively managed to protect against risk and achieve their maximum potential.
- Job Duties
- The role holder will ensure that the business is effectively identifying and managing risk, along with related analysis and reporting, to maintain the integrity of data within the risk management system and to provide a key interface to both internal and external clients in the management of risk. Additionally, to provide support for the operational risk activities across the LGR, LGI & GI Businesses.
Working in conjunction with Divisional IT Teams and the Businesses, the IT Risk Manager acts as an expert advisor to management concerning risks involving or affecting information technology and security. Whilst IT risks are owned by individual managers throughout the organisation, the IT Risk Manager is responsible for the oversight of compliance with technology risk management policies, procedures and guidelines, and is expected to ensure that technology risks are appropriately measured and prioritised by IT.
- Proactively work directly with all levels of management to embed a risk framework to identify, quantify, monitor and control IT & IS risks across the divisions.
- Oversee the management and maintenance of the processes and systems for identifying, controlling and reviewing key risks and control deficiencies and for ensuring appropriate action is taken by management.
- Provide oversight and guidance to international businesses to ensure that they are aligned to divisional standards and manage operational risks within an acceptable tolerance.
- Provide expert advice and effective 2nd line of defence challenge and support for the divisions' IT strategy, governance and insourcing / outsourcing relationships.
- Ensure all suppliers, both internal and external, align to the Group IT and Divisional IT Risk Control Framework and standards.
- Ensure key and material risks are appropriately escalated to the Divisional Risk Committees.
- Ensure the Operational Risk Database (OSX) is maintained, updated and all necessary approvals are given for all IT and IS risks
- Work across the Business areas to ensure, where and when appropriate, risks are reported, shared and escalated
- Undertake proactive and targeted risk and control assessments and present the outcomes and recommendations to senior management.
- Work alongside the Compliance function in assessing and pursuing the risk implications of FCA/PRA requirements.
- Monitor all IT audit actions ensuring plans are in place to remediate the audit issues within the appropriate timescale
- Assess, impact and document the impact of the IT Risk(s) identified from audit actions
- Oversight of the risk with IT suppliers, ensuring compliance and alignment to L&G and Divisional policies and standards
- To work alongside Divisional IT ensuring the appropriate IT risks are determined against a supplier not meeting the agreed SLAs
- Ensure that arrangements are in place to monitor that all IT suppliers have appropriate DR capability, including confirmation of DR test results.
- Ensuring the Divisional IT accountabilities are appropriate, defined and achievable and IT Risk(s) is logged, assessed, impacted and has appropriate ownership.
- Oversight of IT Risk scenarios across all IT suppliers in the event of an IT failure.
- Provide expert advice and effective 2nd line of defence challenge and support for high priority security, infrastructure and applications projects and programmes.
- Evaluate changes to the business IT environment and implement strategies to ensure the ongoing effectiveness of the risk management framework.
- To maintain, update, develop and produce appropriate reporting to the Divisional Risk Committees, as well as at a project level and a supplier level.
- Maintain effective working relationships with Divisional Risk, Group Risk, Divisional IT, Group CISO, Group IT Audit and Business Heads to ensure a free flow of information and to avoid duplication or conflict in the support provided to relevant business areas.
- To take the lead in all matters with regard to the management of employees, ensuring that management discretion is used in a consistent manner and that the area follows the Group's policies and procedures, including the Partnership Agreement, to maximise business performance.
- Skills Required
- COBIT 5 and / or CISA not essential but preferable
- Broad IT knowledge including application, security, service and infrastructure management.
- Experience of BCP/DR planning
- Knowledge and experience of IT supplier management / monitoring including the definition and reporting of appropriate KPIs and metrics
- Experience of creating an IT risk control framework and the appropriate reporting
- Knowledge and experience of SDLC across project delivery methods
- Knowledge and experience of aligning to IT Security and Governance policies and procedures
- Knowledge and experience of SLAs and monitoring performance of internal and 3rd parties
- Prior experience of delivering against a Senior IT Risk Management role
- Strong experience of architecture principles across business, infrastructure and technical architecture
- Strong organisational and communication skills and able to work to deadlines
- Good understanding of the development process
- Good understanding of the Business Change life-cycle
- Good understanding of governance responsibilities in general and in particular to Audit, Compliance and Group Risk
- Whatever your role, we reward ability, performance and attitude with a package that looks after all the things that are important to you. Our employees have a wide range of benefits including a generous pension scheme, life assurance, 30 days' holiday, private medical insurance, performance related bonuses, discounts at both a huge range of high street stores and our own great products, as well as a 12% car allowance scheme. Your hard work will be rewarded when you join us.
For further information, please contact Lucy Sweett, Resourcing Lead on