IT Risk Manager

Emerald Group
West Yorkshire
A competitive salary plus bonus & benefits
01 Oct 2019
31 Oct 2019
Contract Type

Team purpose

The purpose of risk management is to safeguard the organisation, its customers, reputation, assets and the interests of stakeholders by identifying and managing all threats to the achievement of its business objectives.

What would you be responsible for in this role?

The IT Risk Manager is responsible for:

  • All aspects mentioned below, but with specific emphasis on Information Technology (IT)
  • Identifying the external and internal risks that Insurance faces, evaluating, with the risk owner, the likely effect of these risks, introducing a range of control measures and monitoring and evaluating the success of these measures:
      · Using initiative and discretion in dealing with risk matters of a confidential or sensitive nature
      · Driving through solutions and ensuring that risks are properly managed
      · Developing excellent working relationships with the business to ensure that risk management is embedded throughout the organisation as appropriate
      · Promoting a risk culture within the organisation
      · Providing the 2nd line of defence role over the 1st line of defence
  • Operate as the recognised Company expert in Information Technology Risk and advise and educate staff, at all levels, on risk matters
  • Identify and implement best practice, and roll out the Risk Management toolkit across the business:
      · Ensure adherence to risk management policy
      · Ensure adherence to risk appetite statements
      · Develop and maintain “Detailed Risk and Control Assessments” (DRACAs), risk registers, the company-wide Key Risk Register, and heat maps
      · Encourage the reporting of incidents and work with the business to identify, assess, manage and report loss events to senior management
      · Develop and implement Key Risk Indicators and other appropriate risk management MI
  • Provide risk management guidance, support, education and training to staff at all levels
  • Monitor, evaluate and challenge the organisation’s success in managing its risks
  • Ensure that the assessments of control effectiveness made by business areas / management in their respective DRACAs are sufficiently robust and supported by evidence, ensuring that key controls are maintained and any weaknesses in control processes addressed
  • To be alert to potential regulatory and business risks, to ensure that these risks are included in any risk evaluation by the business
  • Implement and maintain an Internal Control Monitoring programme aligned to the DRACA including:
      · Creation of test plans for each individual DRACA control
      · Comprehensive testing and reporting against each test plan
      · Communication and agreement of Control Monitoring reports to Executive Directors
      · Ongoing monitoring of action plans
  • Ensure that Company-wide policies are in place, current, and appropriately approved
  • Lead and represent Risk Management with the IT Portfolio Team on all IT based project risk
  • In the absence of the Head of Operational Risk and Compliance, represent Risk Management in all key IT Group meetings
  • Training and mentoring of more junior members of staff

Complete other activities over and above those listed in the role profile, appropriate to your skills and experience.

Leading their people

  • Lead with integrity
  • Act in a proactive and decisive way when taking the lead on tough decisions
  • Foster collaboration through clear and inclusive communications
  • Initiate and drive positive change
  • Recognise and nurture talent and future successors
  • Create a culture of success
  • Positively challenge yourself and your team to take ownership for delivery
  • Act with resilience, resourcefulness and maintain strong belief
  • Support and promote a culture which is genuinely inclusive and respectful

Customer experience

  • Make sure that you treat all their customers with the principles of Treating Customers Fairly (TCF)
  • Understand how you play a part in the Customer Experience
  • Provide a service to all of their customers (internal and external) that is memorable for the right reasons and builds their reputation as a great company to work for and do business with

Doing the right thing

  • Make sure that everything you do fits in with the legal requirements, Insurance policies and regulatory requirements
  • Be aware of threats to their organisation and customers (e.g. financial crime, fraud and money laundering)
  • Take the appropriate action to minimise the impact of risks to their business (e.g. by following processes and reporting any concerns to your manager)
  • Treat the personal data of their customers, employees and other individuals lawfully and in accordance with current Data Protection laws, and other related legislation

What would they like to see in you?


  • Skills/capabilities
      · High standard of written and verbal communication and the ability to disseminate complex details and concepts to all staff levels
      · The ability to challenge assumptions, identify and understand complex issues and escalate as appropriate
      · Engendering support of senior executives across the business and functions, some of whom will have competing priorities
      · Developing excellent working relationships with the business to ensure that risk management is embedded throughout the organisation as appropriate
      · Guides others in resolving complex issues using specialist risk management experience
      · Influencing skills to gain buy-in from senior managers within the business
      · Ability to work on own initiative, and independently with guidance only in the most complex situations
  • Behaviours
      · High degree of resilience
      · Personal impact and ability to form effective relationships at the highest level and achieve influence at a senior level in the organisation
      · Via relationship management, the ability to develop and maintain good working relationships with management teams across the business
  • Qualifications
      · Educated to degree level or equivalent
  • Experience and knowledge
      · Previous experience in a 2nd Line of Defence role supporting Information Technology
      · The role holder will have experience of IT risk and control evaluation programmes in an audit, internal controls or compliance monitoring environment and will have had input into the design of the programme
      · Demonstrable risk management experience
      · A strong track record of delivery of risk initiatives within the Financial Services sector

Nice to have

  • Qualifications
      · Relevant professional qualification desirable but not essential
  • Experience and knowledge
      · Working knowledge of operational risk and firm understanding of insurance risk
      · Strong understanding of risk management techniques and measures
      · Detailed knowledge of control assurance methods
      · Experience of documenting and evaluating processes

What’s on offer?

  • Opportunity to attain significant visibility across Senior Leadership in IT and broader management population
  • Responsible for Risk Management oversight in the Halifax site
  • Opportunities for formal Risk Management qualifications
  • Degree of flexible working if desired
