Working here is about being there for our customers; we’re available should the worst happen and we work together to enable social and financial equality across the UK.
But it’s also about you: how you develop and what you can achieve. We’ll help your talent thrive in an environment where you’ll be supported to work flexibly and autonomously, sharing in our success and rewarded for a great performance with a generous benefits package.
From HR and Digital teams through to Group Finance, Risk, Shared Services IT, and Corporate Comms, our Group function supports our businesses across the UK and abroad.
Delivering essential services and activities that have a real impact on our business and our customers’ lives, we enable our people to do what they do best, contributing to delivering a great customer service, profitability and strategic growth.
As a member of the IT Operational Risk team situated within Group Shared Services IT and functionally aligned to group and business division Risk functions, the ‘IT Operational Risk Manager - Group’ provides 2nd line of defence IT risk specialist oversight (advisory, review, and challenge) over 1st line IT risk management activities for group functions and business divisions.
The role line reports to the ‘Operational Risk Consultant IT’. The purpose of the role is to limit the occurrence and business impacts of adverse events, while contributing to business success through management of IT Operational risk.
Develop and maintain proactive working relationships directly with all levels of management across business divisions and group functions (i.e. including other 2nd line risk specialists, e.g. Chief Information Security Officer (CISO) Office, Conduct Risk teams, Division Operational Risk teams) to ensure ongoing timely identification, assessment, and management of IT operational risk across the business divisions and functions, in line with internal, legal and regulatory requirements. This will include IT Security and Cyber risk within Information security.
Advise business / IT management in understanding the entirety of their IT risk landscape, proactively develop the definition of risk appetite / Key Risk Indicator(s) and other reporting to monitor those risks, and advise on strategies to address items outside appetite.
Oversee the management and maintenance of risk processes and systems used to identify and monitor control effectiveness for key risks, and to ensure control deficiencies are addressed by management on a timely basis through mitigating actions and / or informed risk acceptance.
Ensure awareness and training on risk processes are undertaken where required.
Represent Operational Risk by attending and challenging at key governance meetings (e.g. key 3rd party IT supplier service & risk governance committees, IT Risk & Compliance Committee).
Take the lead oversight role in ensuring that the appropriate controls are in place for any new or emerging technology delivered. This includes representing Operational Risk & Compliance / Conduct risk in review and approval of any proposed or existing uses of externally hosted technologies (including cloud services) as part of an existing hosting governance process.
Provide review and challenge of high priority security, infrastructure and applications IT change projects and programmes.
Act as a key operational point of contact for internal and external audit with management, ensuring recommendations are comprehensively reviewed and implemented.
Work alongside the Conduct Risk & Compliance functions in assessing and pursuing the risk implications of FCA / PRA regulatory requirements with respect to management of IT Operational Risk.
Work routinely with other IT Operational Risk specialist resources across the group as a functional team to :
- share specialist skills / knowledge
- help to ensure specialist resource organizational coverage / redundancy
- develop and maintain a common / shared approach to IT risk oversight, standard reference controls, reporting, and sharing of best practices
- represent IT Operational Risk in group wide initiatives, working groups, and / or other committees from time to time
Ensure technical and professional risk management expertise is developed and maintained.
Ensure IT risk management activities include due consideration to impacts and fair treatment of customers.
Qualifications, Knowledge and Skills :
Graduate or equivalent education / background
CISA, CRISC or equivalent experience.
Desirable : CISM, CISSP, ITIL, CoBIT 5
Expert knowledge in IT Risk Management : definition / design of risk appetite and other risk management metrics & information, Key Risk Indicators (KRIs), risk assessment methodologies, policies, standards, controls, controls testing / monitoring, assurance, internal / external audit, regulatory, lines of defence risk framework.
Broad knowledge across all aspects of Information Technology management in a professional enterprise environment, also with in-depth expertise in at least three of the following areas :
- IT Change : application / mobile / web development, systems development life cycle, project management (agile and waterfall methodologies), software quality
- IT Operations : production support & service (Service Level Management, Quality Assurance, Software Asset Management / Licensing, Configuration Management, Service Desk, Command Centre, Problem / Incident Management, Resource / Capacity Planning)
- IT Infrastructure engineering & systems administration (networks (firewalls (Cisco, Juniper), routers, Intrusion Prevention / Detection), mainframe, client computing, wintel server, domain controllers / active directory, iSeries / AS400, VMWare (Virtual Center & ESX Server), Citrix, Linux / Unix, Network Attached Storage (NAS), Storage Area Network (SAN), Backup, Batch Services, Middleware, Webhosting (IIS, iPlanet / SunOne, Websphere, Weblogic, Apache), Database administration (Oracle, Sybase, SQL Server (RDBMS), DB2))
- Cloud Architecture (e.g. AWS, Microsoft Azure)
- IT Procurement and 3rd party supplier oversight
- IT Security, Cyber Risk, Identity & Access Management (IAM)
- IT Strategy & Architecture
- IT Finance & Resource planning
- IT Resilience : business continuity, disaster recovery
Knowledge in a variety of financial services businesses and operating environments is preferable, particularly :
- Banking (retail, commercial, institutional, or private)
- Asset Management
- Insurance
- Pensions, annuities
- Property fund management (commercial & residential) & development
Note that adaptable, otherwise exceptional candidates with a background in other sectors can be successful in this role.
Good to exceptional knowledge in IT outsourcing (3rd party IT suppliers) relationship management and supplier oversight is required.
Desirable : some effective background in IT "hands on" experience in other types of IT roles (e.g. development, business systems analyst, software testing, project / programme manager, production support, IT relationship manager, etc.)
Strong analytical skills, enquiring mind, with a tenacious approach; accurate with attention to detail and facts. Ability to communicate and influence clearly and effectively.
Confident and able to present in a structured manner.
Ability to build effective relationships
Strong organisation skills and drive
Microsoft Office : Word advanced user, Excel advanced / power user, PowerPoint intermediate user
Whatever your role, we reward ability, performance and attitude with a package that looks after all the things that are important to you.
Our employees have a wide range of benefits including a generous pension scheme, life assurance, 30 days' holiday, private medical insurance, performance related bonuses, discounts at both a huge range of high street stores and our own great products, as well as a 12% car allowance scheme. Your hard work will be rewarded when you join us.