Information Management Risk Specialist - London, United Kingdom
Information Security and Information Management Risk Specialist
Full time, Perm
The main purpose of the role is to assist the Head of IT, Information Security and Information Management Risk, using specialist technical knowledge and experience, to provide second line oversight of the process to effectively identify, quantify and manage the IT Operational Risk profile of the client, as well as ensuring operation of a robust IT risk control infrastructure.
What are the key responsibilities?
* Support the Head of IT and Information Security Risk on the second line responsibilities relating to the embedding of the Enterprise Risk Management Framework (ERMF) for the quantification and validation of Information Security and Information risks, principally within Information Security (IS), although the role may be involved in other designated Functions.
* Assist with the development and roll out of wide risk policies, including oversight of the annual refresh and compliance assessments performed by the first line in relation to operational risk across IS and other designated Functions, annually reviewing the effectiveness of their operation and providing input into the updating of the policies in line with good practice and regulatory
* Provision of guidance and advice (subject matter expertise) to IS regarding ERMF, policies and procedures including:
  * Providing the IS and Data Management policy owners with support in the application of the Group Policy
  * Overseeing the exemptions and waivers process for the IS and Data Management
  * Escalating/communicating effectively with IS and Data Management policy specialists areas of concern to support them in their oversight responsibilities for policy compliance across the
* Lead and contribute to the second line assessment and sign off of the Letter of Representation (LoR) for
* Provide oversight and challenge of all levels of management within IS to ensure that operational risk is being managed within stated risk appetite and supporting the wider Risk team in the provision of effective, efficient and consistent oversight, challenge, advice and assurance in line with strategy, ERMF, policy and standards for the management of
* Input to risk and IS governance forums and senior management in relation to IS and other designated Functions as
* Encourage continuous improvement, regularly reviewing and optimising the content of IS risk management information through engagement, advice and challenge, and influencing the businesses and IS in the adoption of consistent risk reporting
* Oversee the production and review of risk related content of external reporting across the Group, including public reporting and reporting to regulators or other supervisory bodies such as rating
* Co-ordinate and collaborate with the Governance, Risk and Compliance (GRC) team within IS to assist with the design and implementation of the ERMF and oversight of risk management
What do we require from you?
* Comprehensive understanding and level of experience in IS and risk management within the financial services
* Experience and knowledge of the key IS and Data Management processes and associated IS risks and general
* Experience of applying relevant ISO standards in assessing and managing IS risk.
* Previous experience in Operational Risk or Internal Audit within a financial services
* Would suit an IS auditor looking to move into a second line
* Great stakeholder management
* Strong communication skills both written and
* Appropriate technical knowledge of the content and application of the ISO standards affecting IS and Data Management