61 Ofertas de It Risk en Colombia

Requisition ID:

Join a purpose driven winning team, committed to results, in an inclusive and high-performing culture.

Purpose

Plays an important role in the Bank's Three Lines of Defense Framework, providing First Line of Defense for IB and the Bank for all technology risk domains, including Cyber Security, Data Privacy, Software Currency, Disaster and Backup Recovery, Third Party Management, Identity and Access Management and Audit and Regulatory issue remediation.

The role supports the Director, IT Risk to achieve IB's top priorities of Stability and Risk Reduction by collaboratively assessing, analyzing and quantifying IT risk, designing controls and assisting in their implementation. Part of a strategic and comprehensive IT Risk Management function ensures control implementation in accordance with regulatory expectations, risk appetite, organizational risk practices and evolving business practices.

Key Accountabilities

• Work with the Director: Identify, assess, prioritize and report on material IT risks for IT and aligned business areas. This will require working with risk owners under various VP/leadership teams.
• Identify, assess, prioritize and report on IT risk for relevant business areas.
• Conduct detailed IT risk assessments and ensure that IT Risk assessments and outputs are recorded in enterprise tools and are in full compliance with defined policies and common standards, including the IT Risk Management Policy and Framework.
• Perform IT risk control testing and monitoring (as applicable) and ensure that testing activities are conducted in compliance with governing regulations, internal policies and procedures.
• Perform IT risk reporting, coordination and monitoring (as applicable) for OSFI obligations programs from the Bank for IB subsidiaries.

Education / Experience

Must have

• Degree in Computer Science, Engineering, Business Commerce or equivalent experience.
• At least B2 English level.
• Candidates should have IT and risk management experience (governance, cybersecurity, operations, audit, control functions, compliance and risk management).
• At least 5 years of IT risk management experience.
• Strong PPT, Excel and presentation preparation skills are expected. Strong data analytics background.

Nice to have

• Additional relevant Certifications would be an asset. ITIL Foundation Cert. in ITSM, COBIT, Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP) or Certified in Risk and Information System Control (CRISC) are desirable.
• Visual dash-boarding (PowerBI/Tableau).

Location(s): Colombia : Bogota : Bogota

Scotiabank is a leading bank in the Americas. Guided by our purpose: "for every future", we help our customers, their families and their communities achieve success through a broad range of advice, products and services, including personal and commercial banking, wealth management and private banking, corporate and investment banking, and capital markets.

At Scotiabank, we value the unique skills and experiences each individual brings to the Bank, and are committed to creating and maintaining an inclusive and accessible environment for everyone. If you require accommodation (including, but not limited to, an accessible interview site, alternate format documents, ASL Interpreter, or Assistive Technology) during the recruitment and selection process, please let our Recruitment team know. Candidates must apply directly online to be considered for this role. We thank all applicants for their interest in a career at Scotiabank; however, only those candidates who are selected for an interview will be contacted.

Join to apply for the IT Risk Lead role at Scotiabank

Requisition ID:

Join a purpose-driven winning team, committed to results, in an inclusive and high-performing culture.

Purpose
Plays an important role in the Bank’s Three Lines of Defense Framework, providing First Line of Defense for IB and the Bank for all technology risk domains, including Cyber Security, Data Privacy, Software Currency, Disaster and Backup Recovery, Third Party Management, Identity and Access Management and Audit and Regulatory issue remediation.

The role supports the Director, IT Risk to achieve IB’s top priorities of Stability and Risk Reduction by collaboratively assessing, analyzing and quantifying IT risk, designing controls and assisting in their implementation. Part of a strategic and comprehensive IT Risk Management function ensures control implementation in accordance with regulatory expectations, risk appetite, organizational risk practices and evolving business practices.

Key Accountabilities

• Work with the Director: Identify, assess, prioritize and report on material IT risks for IT and aligned business areas. This will require working with risk owners under various VP/leadership teams.
• Identify, assess, prioritize and report on IT risk for relevant business areas.
• Conduct detailed IT risk assessments and ensure that IT Risk assessments and outputs are recorded in enterprise tools and are in full compliance with defined policies and common standards, including the IT Risk Management Policy and Framework.
• Perform IT risk control testing and monitoring (as applicable) and ensure that testing activities are conducted in compliance with governing regulations, internal policies and procedures.
• Perform IT risk reporting, coordination and monitoring (as applicable) for OSFI obligations programs from the Bank for IB subsidiaries.

Education / Experience
Must have

• Degree in Computer Science, Engineering, Business Commerce or equivalent experience.
• At least B2 English level.
• Candidates should have IT and risk management experience (governance, cybersecurity, operations, audit, control functions, compliance and risk management).
• At least 5 years of IT risk management experience.
• Strong PPT, Excel and presentation preparation skills are expected. Strong data analytics background.

Nice to have

• Additional relevant Certifications would be an asset. ITIL Foundation Cert. in ITSM, COBIT, Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP) or Certified in Risk and Information System Control (CRISC) are desirable.
• Visual dash-boarding (PowerBI/Tableau).

Location(s): Colombia : Bogota : Bogota

Scotiabank is a leading bank in the Americas. Guided by our purpose: "for every future", we help our customers, their families and their communities achieve success through a broad range of advice, products and services, including personal and commercial banking, wealth management and private banking, corporate and investment banking, and capital markets.

At Scotiabank, we value the unique skills and experiences each individual brings to the Bank, and are committed to creating and maintaining an inclusive and accessible environment for everyone. If you require accommodation (including, but not limited to, an accessible interview site, alternate format documents, ASL Interpreter, or Assistive Technology) during the recruitment and selection process, please let our Recruitment team know.

Requisition ID:

Join a purpose driven winning team, committed to results, in an inclusive and high-performing culture.

Plays an important role in the Bank’s Three Lines of Defense Framework, providing First Line of Defense for IB and the Bank for all technology risk domains, including Cyber Security, Data Privacy, Software Currency, Disaster and Backup Recovery, Third Party Management, Identity and Access Management and Audit and Regulatory issue remediation.

• Work with the Director: Identify, assess, prioritize and report on material IT risks for IT and aligned business areas. This will require working with risk owners under various VP/leadership teams.
• Identify, assess, prioritize and report on IT risk for relevant business areas.
• Conduct detailed IT risk assessments and ensure that IT Risk assessments and outputs are recorded in enterprise tools and are in full compliance with defined policies and common standards, including the IT Risk Management Policy and Framework.
• Perform IT risk control testing and monitoring (as applicable) and ensure that testing activities are conducted in compliance with governing regulations, internal policies and procedures.
• Perform IT risk reporting, coordination and monitoring (as applicable) for OSFI obligations programs from the Bank for IB subsidiaries.

• Degree in Computer Science, Engineering, Business Commerce or equivalent experience.
• At least B2 English level.
• Candidates should have IT and risk management experience (governance, cybersecurity, operations, audit, control functions, compliance and risk management).
• At least 5 years of IT risk management experience.
• Strong PPT, Excel and presentation preparation skills are expected. Strong data analytics background.

• Additional relevant Certifications would be an asset. ITIL Foundation Cert. in ITSM, COBIT, Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP) or Certified in Risk and Information System Control (CRISC) are desirable.
• Visual dash-boarding (PowerBI/Tableau).

Location(s): Colombia : Bogota : Bogota

Scotiabank is a leading bank in the Americas. Guided by our purpose: "for every future", we help our customers, their families and their communities achieve success through a broad range of advice, products and services, including personal and commercial banking, wealth management and private banking, corporate and investment banking, and capital markets.

At Scotiabank, we value the unique skills and experiences each individual brings to the Bank, and are committed to creating and maintaining an inclusive and accessible environment for everyone. If you require accommodation (including, but not limited to, an accessible interview site, alternate format documents, ASL Interpreter, or Assistive Technology) during the recruitment and selection process, please let our Recruitment team know. If you require technical assistance, please click here. Candidates must apply directly online to be considered for this role. We thank all applicants for their interest in a career at Scotiabank; however, only those candidates who are selected for an interview will be contacted.

Requisition ID:

Join a purpose driven winning team, committed to results, in an inclusive and high-performing culture.

Purpose

Plays an important role in the Bank’s Three Lines of Defense Framework, providing First Line of Defense for IB and the Bank for all technology risk domains, including Cyber Security, Data Privacy, Software Currency, Disaster and Backup Recovery, Third Party Management, Identity and Access Management and Audit and Regulatory issue remediation.

The role supports the Director, IT Risk to achieve IB’s top priorities of Stability and Risk Reduction by collaboratively assessing, analyzing and quantifying IT risk, designing controls and assisting in their implementation. Part of a strategic and comprehensive IT Risk Management function ensures control implementation in accordance with regulatory expectations, risk appetite, organizational risk practices and evolving business practices.

Key Accountabilities

• Work with the Director: Identify, assess, prioritize and report on material IT risks for IT and aligned business areas. This will require working with risk owners under various VP/leadership teams.
• Identify, assess, prioritize and report on IT risk for relevant business areas.
• Conduct detailed IT risk assessments and ensure that IT Risk assessments and outputs are recorded in enterprise tools and are in full compliance with defined policies and common standards, including the IT Risk Management Policy and Framework.
• Perform IT risk control testing and monitoring (as applicable) and ensure that testing activities are conducted in compliance with governing regulations, internal policies and procedures.
• Perform IT risk reporting, coordination and monitoring (as applicable) for OSFI obligations programs from the Bank for IB subsidiaries.

Education / Experience

Must have

• Degree in Computer Science, Engineering, Business Commerce or equivalent experience.
• At least B2 English level.
• Candidates should have IT and risk management experience (governance, cybersecurity, operations, audit, control functions, compliance and risk management).
• At least 5 years of IT risk management experience.
• Strong PPT, Excel and presentation preparation skills are expected. Strong data analytics background.

Nice to have

• Additional relevant Certifications would be an asset. ITIL Foundation Cert. in ITSM, COBIT, Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP) or Certified in Risk and Information System Control (CRISC) are desirable.
• Visual dash-boarding (PowerBI/Tableau).

Location(s): Colombia : Bogota : Bogota

Scotiabank is a leading bank in the Americas. Guided by our purpose: "for every future", we help our customers, their families and their communities achieve success through a broad range of advice, products and services, including personal and commercial banking, wealth management and private banking, corporate and investment banking, and capital markets.

At Scotiabank, we value the unique skills and experiences each individual brings to the Bank, and are committed to creating and maintaining an inclusive and accessible environment for everyone. If you require accommodation (including, but not limited to, an accessible interview site, alternate format documents, ASL Interpreter, or Assistive Technology) during the recruitment and selection process, please let our Recruitment team know. If you require technical assistance, please click here . Candidates must apply directly online to be considered for this role. We thank all applicants for their interest in a career at Scotiabank; however, only those candidates who are selected for an interview will be contacted.

Requisition ID:

Thanks for your interest in ScotiaTech, Scotiabank's new and innovative Technology hub in Bogota.

Join a purpose driven winning team that promotes creativity and innovation in a fast-paced environment, where we’re always committed to results, in an inclusive, diverse, and high-performing culture.

Purpose

Contributes to the overall success of first line Technology as well as Internal Controls & Regulatory Management (ICRM) ensuring specific individual goals, plans, initiatives are executed / delivered in support of IT&S and the businesses strategies and objectives.

Directly support the relevant IT Risk / ICRM Team to collaboratively assess, evaluate and quantify IT risk, design controls and assist in their implementation within the business line.

• Support the IT Risk team in providing the 1st Line of Defense (1B) function in technology with ongoing guidance to support the implementation of, and compliance to established IT Standards, Policies, Procedures, regulatory and cyber requirements through active engagement, guidance and counselling.
• Provide support to 1st Line of Defense (1A) teams, Risk owners, to build their capability to identify, assess, mitigate and monitor risks associated with their use of information and IT systems.
• Conduct risk assessments, Risk Control Self-Assessments (RCSAs) and ensure observations, issues and outputs are recorded in enterprise tools; support IT risk control testing and monitoring and help Risk Owners with remediation plans.
• Identify, review and triage risk incidents, support root cause analyses.
• Ensure that IT Risk assessments and outputs are recorded in enterprise tools and that status is updated periodically.
• Perform gap analyses to identify non-compliance with new risk controls, frameworks, policies, risk indicators, metrics and limits and track remediation status.
• Monitor performance of KPIs and KRIs. Operationalize programs to improve KRI performance to meet banks risk tolerance.
• Support IT Risk / ICRM team to provide governance of and track SOX evidence collection.
• Advocate for IT Risk / ICRM and promote a strong risk culture in partnership with the risk owner.

(include secondary Manager if applicable)

• Not applicable

No direct reports. Direct reporting line to IT Risk Specialist, CCA Technology. IT portfolio of approx. 250 banking applications. No budget, project or financial oversight.

• Experience with ITSM tools (ServiceNow, a plus) with strong understanding of SRE and service management principles.
• Knowledge of IT Asset management tools, providing support to asset owners in the onboarding and maintenance of their applications in the tool, monitor processes and the data quality of corresponding portfolio information assets through the tools.
• Candidates should have a breadth of IT, and/or non-financial Risk management experience (governance, operations, audit, control functions, compliance, risk management) over 3+ years.
• Candidate requires intermediate communication (both verbal and written) supported by analytical competencies. Proficient written and verbal communication required at all levels of the organization is essential.
• Requires expert IT Risk management experience in 1+ areas including but not limited to systems design, security, availability/stability/resiliency, disaster recovery, third party risk management, change management, release management, audit, regulatory risk, logical access, software currency. Exposure to cloud controls would be an asset.
• Strong Microsoft Excel and data analytics skills expected.
• Knowledge or understanding of Risk / Control frameworks is desirable (ITIL, ISO, COBIT, NIST).
• Degree or diploma in Computer Science, Engineering, Business Commerce or equivalent experience. Any relevant Certifications would be an asset – C ISA, CRISC, CISSP, ITIL Foundation Certification in IT Service Management (ITSM), COBIT.

• Work in a standard office-based environment, remote or in bank buildings; your portfolio may dictate working hours aligned to other geographies and time zones.
• Travel to International locations may be required.
• Multiple and at times conflicting priorities arise with most work required under tight project’s deadlines.

#COLGBS

Location(s): Colombia : Bogota : Bogota

ScotiaTech is a business unit within ScotiaGBS, a Scotiabank Group company located in Bogota, Colombia. The ScotiaTech hub was created to support different technology systems and processes of the Bank. We offer an inclusive, positive work environment, and competitive benefits.

At ScotiaTech, we value the unique skills and experiences each individual brings and are committed to creating and maintaining an inclusive and accessible environment for everyone.Candidates must apply directly online to be considered for this role. We thank all applicants for their interest in a career at ScotiaTech; however, only those candidates who are selected for an interview will be contacted.

Requisition ID: Join a purpose driven winning team, committed to results, in an inclusive and high-performing culture.

Purpose

Plays an important role in the Bank’s Three Lines of Defense Framework, providing First Line of Defense for IB and the Bank for all technology risk domains, including Cyber Security, Data Privacy, Software Currency, Disaster and Backup Recovery, Third Party Management, Identity and Access Management and Audit and Regulatory issue remediation.

The role supports the Director, IT Risk to achieve IB’s top priorities of Stability and Risk Reduction by collaboratively assessing, analyzing and quantifying IT risk, designing controls and assisting in their implementation. Part of a strategic and comprehensive IT Risk Management function ensures control implementation in accordance with regulatory expectations, risk appetite, organizational risk practices and evolving business practices.

Key Accountabilities

• Work with the Director: Identify, assess, prioritize and report on material IT risks for IT and aligned business areas. This will require working with risk owners under various VP/leadership teams.
• Identify, assess, prioritize and report on IT risk for relevant business areas.
• Conduct detailed IT risk assessments and ensure that IT Risk assessments and outputs are recorded in enterprise tools and are in full compliance with defined policies and common standards, including the IT Risk Management Policy and Framework.
• Perform IT risk control testing and monitoring (as applicable) and ensure that testing activities are conducted in compliance with governing regulations, internal policies and procedures.
• Perform IT risk reporting, coordination and monitoring (as applicable) for OSFI obligations programs from the Bank for IB subsidiaries.

Education / Experience

Must have

• Degree in Computer Science, Engineering, Business Commerce or equivalent experience.
• At least B2 English level.
• Candidates should have IT and risk management experience (governance, cybersecurity, operations, audit, control functions, compliance and risk management).
• At least 5 years of IT risk management experience.
• Strong PPT, Excel and presentation preparation skills are expected. Strong data analytics background.

Nice to have

• Additional relevant Certifications would be an asset. ITIL Foundation Cert. in ITSM, COBIT, Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP) or Certified in Risk and Information System Control (CRISC) are desirable.
• Visual dash-boarding (PowerBI/Tableau).

Location(s): Colombia : Bogota : Bogota Scotiabank is a leading bank in the Americas. Guided by our purpose: "for every future", we help our customers, their families and their communities achieve success through a broad range of advice, products and services, including personal and commercial banking, wealth management and private banking, corporate and investment banking, and capital markets. At Scotiabank, we value the unique skills and experiences each individual brings to the Bank, and are committed to creating and maintaining an inclusive and accessible environment for everyone. If you require accommodation (including, but not limited to, an accessible interview site, alternate format documents, ASL Interpreter, or Assistive Technology) during the recruitment and selection process, please let our Recruitment team know. If you require technical assistance, please click here . Candidates must apply directly online to be considered for this role. We thank all applicants for their interest in a career at Scotiabank; however, only those candidates who are selected for an interview will be contacted. #J-18808-Ljbffr

Requisition ID:

Thanks for your interest in ScotiaTech, Scotiabank's new and innovative Technology hub in Bogota.

Join a purpose driven winning team that promotes creativity and innovation in a fast-paced environment, where we’re always committed to results, in an inclusive, diverse, and high-performing culture.

Purpose

Contributes to the overall success of first line Technology as well as Internal Controls & Regulatory Management (ICRM) ensuring specific individual goals, plans, initiatives are executed / delivered in support of IT&S and the businesses strategies and objectives.

Directly support the relevant IT Risk / ICRM Team to collaboratively assess, evaluate and quantify IT risk, design controls and assist in their implementation within the business line.

• Support the IT Risk team in providing the 1st Line of Defense (1B) function in technology with ongoing guidance to support the implementation of, and compliance to established IT Standards, Policies, Procedures, regulatory and cyber requirements through active engagement, guidance and counselling.
• Provide support to 1st Line of Defense (1A) teams, Risk owners, to build their capability to identify, assess, mitigate and monitor risks associated with their use of information and IT systems.
• Conduct risk assessments, Risk Control Self-Assessments (RCSAs) and ensure observations, issues and outputs are recorded in enterprise tools; support IT risk control testing and monitoring and help Risk Owners with remediation plans.
• Identify, review and triage risk incidents, support root cause analyses.
• Ensure that IT Risk assessments and outputs are recorded in enterprise tools and that status is updated periodically.
• Perform gap analyses to identify non-compliance with new risk controls, frameworks, policies, risk indicators, metrics and limits and track remediation status.
• Monitor performance of KPIs and KRIs. Operationalize programs to improve KRI performance to meet banks risk tolerance.
• Support IT Risk / ICRM team to provide governance of and track SOX evidence collection.
• Advocate for IT Risk / ICRM and promote a strong risk culture in partnership with the risk owner.

(include secondary Manager if applicable)

• Not applicable

No direct reports. Direct reporting line to IT Risk Specialist, CCA Technology. IT portfolio of approx. 250 banking applications. No budget, project or financial oversight.

• Experience with ITSM tools (ServiceNow, a plus) with strong understanding of SRE and service management principles.
• Knowledge of IT Asset management tools, providing support to asset owners in the onboarding and maintenance of their applications in the tool, monitor processes and the data quality of corresponding portfolio information assets through the tools.
• Candidates should have a breadth of IT, and/or non-financial Risk management experience (governance, operations, audit, control functions, compliance, risk management) over 3+ years.
• Candidate requires intermediate communication (both verbal and written) supported by analytical competencies. Proficient written and verbal communication required at all levels of the organization is essential.
• Requires expert IT Risk management experience in 1+ areas including but not limited to systems design, security, availability/stability/resiliency, disaster recovery, third party risk management, change management, release management, audit, regulatory risk, logical access, software currency. Exposure to cloud controls would be an asset.
• Strong Microsoft Excel and data analytics skills expected.
• Knowledge or understanding of Risk / Control frameworks is desirable (ITIL, ISO, COBIT, NIST).
• Degree or diploma in Computer Science, Engineering, Business Commerce or equivalent experience. Any relevant Certifications would be an asset – C ISA, CRISC, CISSP, ITIL Foundation Certification in IT Service Management (ITSM), COBIT.

• Work in a standard office-based environment, remote or in bank buildings; your portfolio may dictate working hours aligned to other geographies and time zones.
• Travel to International locations may be required.
• Multiple and at times conflicting priorities arise with most work required under tight project’s deadlines.

#COLGBS

Location(s): Colombia : Bogota : Bogota ScotiaTech is a business unit within ScotiaGBS, a Scotiabank Group company located in Bogota, Colombia. The ScotiaTech hub was created to support different technology systems and processes of the Bank. We offer an inclusive, positive work environment, and competitive benefits.

At ScotiaTech, we value the unique skills and experiences each individual brings and are committed to creating and maintaining an inclusive and accessible environment for everyone.Candidates must apply directly online to be considered for this role. We thank all applicants for their interest in a career at ScotiaTech; however, only those candidates who are selected for an interview will be contacted.

Job Purpose

Information risk refers to the risks related to Technology, Information Security and Data quality. Given Admiral’s focus on being a data and technology driven company, Information Risk is a key risk area. The role is based in the AECS Risk team, with responsibility for oversight and challenge of all Information risks including Technology, Information Security and Data quality. The successful applicant will work collaboratively with other teams including all areas of IT, Information Security and Data.

• Responsible for oversight and challenge of Information risks across EU entities, including Information Security, Technology and Data quality risks.
• Act as the subject matter expert within the EU Corporate Governance functions for Information risk management and security related matters.
• Leading on independent risk / security assessments of the key Information and Security risks and controls across EU, identifying, assessing, escalating and reporting on potential information risks and issues to Admiral.
• Responsible for oversight and challenge of the business response to Technology and Information Security risk incidents and events throughout EU.
• Providing review and challenge for EU change projects related to Technology, Information Security and Data via steering committee membership or undertaking project risk reviews.
• Developing the Information risk framework within EU including the implementation and embedding of the tools, policies, standards and procedures required to support the risk oversight and assessment activities.
• Promote and embed Enterprise Risk Management (ERM) processes, awareness and understanding across the EU Technology, Information Security and Data teams in order to maintain operational resilience, minimising customer detriment and financial losses.
• Assess the impact of Technology and Data change within the business against Admiral’s risk profile, ensuring timely identification of key themes and emerging risks, issues and exposure, and providing recommendations to management to mitigate and resolve potential issues.
• Reporting and escalating on risks and issues to senior managers, heads of department, Corporate governance teams and relevant working groups, management committees and Boards.
• Monitoring and assessing EU’s compliance with Group & AECS/AIS Policies and Group Minimum Standards in relation to IT and Information Security.
• Represent EU Risk in relevant Committees, working groups and meetings.
• Develop and maintain key stakeholder relationships across EU, performing the role as a ‘critical friend’ to the business.

This is not a full definition of the role but covers the main aspects and drivers for success.

• Professional Expertise
  • Possess the ability to make effective and informed decisions.
  • Keep up to date with the latest legislation and regulations that apply to Information Risks.
• Initiative and pro-activity
  • Demonstrate an ability to seize opportunities without waiting for an event or having to be told.
  • Quickly understands the business issues and challenges of the business.
• Planning and Organising
  • The ability to develop clear, efficient and logical approaches to work.
  • The ability to tackle issues and problems in a logical, step-by-step way.
• Customer focus
  • The ability to understand the needs and priorities of customers (inside and outside the organisation) and the desire to meet their expectations.
• Communication
  • Ensure that all communication is clear and appropriate for its intended audience.
  • Able to communicate with employees of all levels including senior management.
  • Able to influence and challenge stakeholders and senior management.

Essential:

• Commercially aware, proactive, forward looking, inquisitive and attention to detail.
• Working on own initiative, with the ability to introduce fresh thinking to the role and the wider Risk team.
• Excellent communication skills (both written and verbal) and stakeholder management.
• Excellent interpersonal and influencing skills.
• Passionate to learn about securing emerging threats and technologies
• A strong knowledge and understanding of Technology and/or Information Security risks and frameworks. Proved hands on Experience in managing information technology risks.
• Understanding of the three lines of defence model to corporate governance.
• Proved hands on Experience in managing information technology risks.

Desirable:

• Experience working in IT and/or Information Security Teams.
• Familiarity and experience implementing Enterprise Risk Management framework
• Knowledge of industry best practices / risk frameworks for IT and Security risk management is desired

Job Purpose

Information risk refers to the risks related to Technology, Information Security and Data quality. Given Admiral’s focus on being a data and technology driven company, Information Risk is a key risk area. The role is based in the AECS Risk team, with responsibility for oversight and challenge of all Information risks including Technology, Information Security and Data quality. The successful applicant will work collaboratively with other teams including all areas of IT, Information Security and Data.

• Responsible for oversight and challenge of Information risks across EU entities, including Information Security, Technology and Data quality risks.
• Act as the subject matter expert within the EU Corporate Governance functions for Information risk management and security related matters.
• Leading on independent risk / security assessments of the key Information and Security risks and controls across EU, identifying, assessing, escalating and reporting on potential information risks and issues to Admiral.
• Responsible for oversight and challenge of the business response to Technology and Information Security risk incidents and events throughout EU.
• Providing review and challenge for EU change projects related to Technology, Information Security and Data via steering committee membership or undertaking project risk reviews.
• Developing the Information risk framework within EU including the implementation and embedding of the tools, policies, standards and procedures required to support the risk oversight and assessment activities.
• Promote and embed Enterprise Risk Management (ERM) processes, awareness and understanding across the EU Technology, Information Security and Data teams in order to maintain operational resilience, minimising customer detriment and financial losses.
• Assess the impact of Technology and Data change within the business against Admiral’s risk profile, ensuring timely identification of key themes and emerging risks, issues and exposure, and providing recommendations to management to mitigate and resolve potential issues.
• Reporting and escalating on risks and issues to senior managers, heads of department, Corporate governance teams and relevant working groups, management committees and Boards.
• Monitoring and assessing EU’s compliance with Group & AECS/AIS Policies and Group Minimum Standards in relation to IT and Information Security.
• Represent EU Risk in relevant Committees, working groups and meetings.
• Develop and maintain key stakeholder relationships across EU, performing the role as a ‘critical friend’ to the business.

This is not a full definition of the role but covers the main aspects and drivers for success.

• Professional Expertise
  • Possess the ability to make effective and informed decisions.
  • Keep up to date with the latest legislation and regulations that apply to Information Risks.
• Initiative and pro-activity
  • Demonstrate an ability to seize opportunities without waiting for an event or having to be told.
  • Quickly understands the business issues and challenges of the business.
• Planning and Organising
  • The ability to develop clear, efficient and logical approaches to work.
  • The ability to tackle issues and problems in a logical, step-by-step way.
• Customer focus
  • The ability to understand the needs and priorities of customers (inside and outside the organisation) and the desire to meet their expectations.
• Communication
  • Ensure that all communication is clear and appropriate for its intended audience.
  • Able to communicate with employees of all levels including senior management.
  • Able to influence and challenge stakeholders and senior management.

Essential:

• Commercially aware, proactive, forward looking, inquisitive and attention to detail.
• Working on own initiative, with the ability to introduce fresh thinking to the role and the wider Risk team.
• Excellent communication skills (both written and verbal) and stakeholder management.
• Excellent interpersonal and influencing skills.
• Passionate to learn about securing emerging threats and technologies
• A strong knowledge and understanding of Technology and/or Information Security risks and frameworks. Proved hands on Experience in managing information technology risks.
• Understanding of the three lines of defence model to corporate governance.
• Proved hands on Experience in managing information technology risks.

Desirable:

• Experience working in IT and/or Information Security Teams.
• Familiarity and experience implementing Enterprise Risk Management framework
• Knowledge of industry best practices / risk frameworks for IT and Security risk management is desired