IT Risk Director

About us

Avencia Consulting are currently recruiting on behalf of a well known Insurer based in the City who are looking for an IT Risk Director to join the London office.

The role

The business is searching for a talented, experienced IT Risk Director to join its expanding Risk Management team. The IT Risk Director will have the opportunity to work closely with senior business leaders to drive enhancements and execute the company''s global risk framework. This person will also have regular and direct access to the Global Chief Risk Officer, Executive Committee and Management Committee Members, Senior IT and Operational functional leaders. The Risk Management team covers a comprehensive view of enterprise risks including strategic, operational, service, regulatory and financial risks.

The role will offer significant growth potential as part of a team that covers the entirety of the rapidly growing Group. The individual will be expected to act independently and to manage elements of the Risk Management Framework with little day-to-day oversight. The IT Risk Director is a senior position and will be expected to use their skills to help influence our nimble and innovative business. This role will provide unique insight and access into the world-class underwriting process and market-leading proprietary systems along with all other key functions for the business.

The IT Risk Director will be instrumental in establishing the ongoing monitoring of the IT-related risks for the portfolios under the businesses management, including Lloyd''s of London syndicates and the company market. The role will serve in an oversight capacity over the breadth of the IT-related related risks across the Group. In addition to the standard risk categories (e.g. strategy, systems availability and integrity, cyber security and data confidentiality, access, service support, infrastructure and asset management), the IT Risk Director will be expected to work with the business to develop an approach to overseeing the use and opportunities relating to artificial intelligence.

Key accountabilities

• The IT Risk Director will take primary responsibility for the following:
• Managing the quarterly risk review (QRR) and risk radar process for IT risk categories which are performed predominantly with the key function leaders and control owners
• Drafting IT inputs to regular reports to Boards, Board Committees and Management Committees across the Group
• Maintaining, enhancing and embedding the Information, Communication and Technology (ICT) Risk Framework, including the development of IT risk policies where required.
• Developing and embedding IT-related 2LOD risk policies and frameworks where required
• Coordinating impacts of IT operational and control activity impacting the risk register as well as related stakeholders including Compliance, Internal Audit and SOX (carriers)
• Taking the lead on IT Risk Incident responses
• Developing a working understanding of new IT-related risks or controls
• Keep the risk register (Decision Focus) current for IT-related risks, controls and accountability

• The IT Risk Director will support the Risk team in the following activities:
• Work collaboratively with the first line of defence to develop and enhance key risk policies, procedures and standards - including annual reviews
• Work collaboratively with the various non-IT business functions to consider impacts of IT systems, capabilities and controls
• Develop strong working relationships with key IT stakeholders including: Head of IT, Chief Technology Officer, Chief Data Officer, Head of IT Risk and Compliance (1LOD), Head of Infrastructure, Head of Cyber Security and others
• Develop and deliver IT risk training where appropriate and required
• Maintain strong working relationship with risk and control functions in partner organisations
• Supporting the business to keep wind-down (resolution) plans current and relevant

• Key stakeholders include:
• The Fidelis Partnership Boards, Board Committees and Management Committees
• Fidelis Insurance Group - CRO, SOX Compliance Team, IT and Operations and Head of Internal Audit
• Asta Managing Agency as the managing agency for TFP Lloyd''s business
• The Fidelis Partnership functional leaders in London, Dublin, Bermuda, Brussels and Abu Dhabi
• Key service providers, including off-shore support in Noida, India
• Heads of functions across The Fidelis Partnership

Skills & experience

• University degree, preferably in Computer Science, Information Technology, Mathematics, Science or Economics
• Strong preference for candidates with advanced degree or relevant industry qualifications (e.g., CISA, CRISC, CISM)
• Strong academic background and mathematical acumen
• Experience with industry standard IT risk management frameworks (e.g., NIST, ISO 27001, Cyber Essentials, COBIT, COSO)
• 10+ years'' experience in the IT Risk sector (Risk Management, External Audit, Internal Audit), preferably with a strong understanding of the insurance industry
• Excellent Microsoft Office skills, in particular Microsoft Excel, PowerPoint and PowerBI
• Experience working with Financial Regulators across multiple jurisdictions (e.g., PRA/FCA, CBI, BMA, FSRM)
• Must be a strong critical thinker who can interrogate the data to ensure it makes sense and provide challenge when required
• Must be able to balance working on detailed projects and maintaining the ability to step back to understand enterprise risks
• Must be able to respond positively during busy periods through multi-tasking and effective prioritization against needs of business