Position Summary
The IT Risk Manager role serves as a best practice/quality contributor supporting the organisation’s IT & Ops Risk Management Programme. The individual will act as the first line of defense, providing RCG risk assessments and other risk management activities including risk identification, profiling, assessment, response, evaluation and advising on issues and remediations to support the overall IT & Ops organisation. This position supports the risk management activities in alignment with the Risk and Controls Governance framework.
This position requires the applicant to have an intermediate or expert level of understanding of IT & Operational risks and the execution of first line IT risk management processes and governance within a large institution. The applicant must also have good communication and management skills, and strong knowledge of industry best practices.
Key Responsibilities
Performs a combination of the following duties according to departmental guidelines:
Strategy and Transformation:
1. Align with Group RCG target state program based on the planned roadmap including governance, risk management methodologies, technology enablement and automation, metrics, and reporting.
2. Collaborate with the three lines of defense and other risk functions on behalf of IT & Operations to support, enable and align the Risk and Controls Governance strategy within the broader CNA & CNA Hardy risk functions.
3. Engage stakeholders at all levels across businesses and divisions to ensure effective communication and sufficient stakeholder input and buy-in.
4. Help develop education, training, and awareness campaign materials regarding IT & Operations risks as well as critical communications to help provide clarity and adoption.
Operational Activities:
1. Execute Risk and Controls Governance operational activities including:
1. Risk profiling (inherent risk assessment).
2. Risk assessments for processes, applications, and infrastructure.
3. Risk and scenario analysis for IT & Operations risks.
4. Risk metrics and reporting.
5. Document and develop materials for leadership to review issues identified through these activities.
6. Help the business create, direct governance channels, and monitor execution of the risk response plans in alignment with methodology.
7. Act as the point of contact to assist and respond to questions from key stakeholders and the business; manage required escalations and communication.
8. Provide IT & Operational guidance and risk advisory support to key initiatives.
9. Develop materials to provide regular updates to CNA Hardy Executives on the overall health of the functional areas including preparing necessary information to facilitate management discussion and decision making.
10. May prepare and present training materials using methods appropriate to the audience.
11. Update management on the progress of owned tasks.
12. Escalate issues as appropriate.
13. Perform other duties as directed by the Performance & Governance Director, or CIO & Head of Transformation.
14. May perform other duties as assigned.
Skills, Knowledge & Abilities
1. Proven experience (5+ years desirable) with IT & Operations Governance and risk functions with a focus on identifying, assessing, and mitigating risks within a corporate environment.
2. Coordinate with support teams to troubleshoot issues and any planned activities. Ability to develop and maintain risk registers, control libraries, and compliance documentation.
3. Strong analytical skills to assess complex risks and recommend appropriate risk mitigation strategies and controls.
4. Experience in collaborating with cross-functional teams, including Operations, IT, security, compliance, and business units, to drive risk management initiatives.
5. Strong interpersonal skills to support stakeholder communication and engagement across departments.
6. Experience with technology process, risk and control frameworks.
7. IT Risk and Compliance, Audit, or Quality certifications desirable (e.g. CISSP, CISM, CISA, CIA, CRISC, CGEIT, CIAC, ISO, etc.).
8. Excellent interpersonal, consultative and communication skills. Ability to interact effectively at all levels with clients, consultants, vendors, peers, and IT management and staff.
9. At ease presenting to large audiences.
The Company
CNA Hardy is a leading specialist commercial insurance provider for clients within the Lloyd’s and company markets. We offer a highly specialised and comprehensive portfolio of innovative and market leading products. Coverage is available to businesses of all sizes for domestic, international and global exposures.