IT Risk Manager

  • Location: Hertfordshire, England
  • Sector: IT Security
  • Contact: Lizzie Dann
  • Published: 21 days ago
  • Consultant: Elizabeth Dann

Job Title: Information Technology Risk Manager

Location: Hertfordshire

Salary: Competitive Salary + Benefits

Work Pattern: In office one day a week

This is an amazing opportunity to join a leading insurance company in Hertfordshire as an IT Risk Manager. This company has doubled its headcount in the past two years and is taking the market by storm.

As an IT Risk Manager you will work alongside the CRO and the IT General Management team to oversee and monitor the Group IT Risk and Governance Framework, and to engage with stakeholders and senior management on the delivery of controls for IT risks covering IT Security, IT Continuity, IT Governance, IT HR Management, IT Legal aspects, IT Sourcing / IT Procurement, IT Compliance, IT Obsolescence, IT Execution processes, Shadow IT, IT Licences, Datacentres and IT Outsourcing.

Responsibilities of the IT Risk Manager:

  • Perform IT Risk Analysis, to identify and assess the risk to IT and applications.
  • Ensure that IT risks with a "material" impact on objectives or results, and of a nature that requires stakeholder attention, are reported to the relevant IT risk management stakeholders.
  • Identify the means to respond to IT risks and follow up the resulting action plans.
  • Manage the process for acceptance of IT Risks, ensuring that the non-tolerable IT risks are formally accepted by the relevant stakeholders and monitored following the defined process.
  • Oversee and report on the output of control activities relating to IT risk conducted by the first line of defence.
  • Analyse the results of the controls to identify specific risks and register them into the IT Risk Register or the Group Risk Register (as appropriate).
  • Participate in the work of the IT Risk Committee in order to provide the COO with challenge on the status of IT risks.
  • Oversee the closure of recommendations related to the Group issued by the Group's internal or external auditors and / or control functions in accordance with the objectives of risk coverage and planning.
  • Monitor the conformity level for all IT governance rules with declaration of any non-compliance.
  • Review and assess the analysis of significant incidents by the first line of defence to help estimate the level of operational risk.
  • Review the output of IT Risk Maturity Evaluation.
  • Review and challenge the IT Risk Mapping.
  • Ensure communication and awareness on good IT risk management practices.
  • Give the Board of Directors a clear view of all the risks within individual areas of the business or affecting the business as a whole, together with information on the mitigation or management of those risks.
  • Assist in the identification and management of all operational risk incidents, with oversight of all actions necessary for closure.
  • Deliver reporting to the Risk & Audit Committee, Executive Risk and Control Committee, Investment & Capital Committee, Underwriting Credit and ALM Risks Committee, Customer & Conduct Committee, Cyber & IT Risk Committee and Vendor Risk Management Forum.

Preferred Experience:

  • 5 years' experience in Security and Risk.
  • Knowledge of IT risk management and analysis methods.
  • Good knowledge of IT organisations and professions.
  • Experience with attack monitoring and Intrusion Detection (IDS/IPS), SIEM, Anti-Virus, WAF, Firewalls, Identity and Access Management (IAM), patch management, and encryption.
  • Experience with, and an in-depth understanding of, the security vulnerability tools, techniques, and standards used to conduct penetration testing.
  • Knowledge of regulations and frameworks related to IT Security and Personal Data Protection will be an asset.
  • An understanding of the CIS20, NIST, ISO 27001/22301 and SOC 2 frameworks.
  • Security-related degrees and/or relevant industry qualifications such as CRISC, CISSP, CISA, CISM, CIS20, CEH and OSCP, or equivalent.

Oscar Technology is acting as an Employment Agency in relation to this vacancy.

To understand more about what we do with your data please review our privacy policy in the privacy section of the Oscar website.