Technology Risk Analyst

Division: Information Technology

Reports To: As per Beazley’s organisation chart

Key Relationships: Risk, Audit, Compliance, Information Security, Financial controls teams, General Management, IT/Data leadership and SME’s, Operational resilience, Procurement and Third-Party Management, COO general management, COO Business Risk and Controls team

Job Summary: The role will effectively support management and oversight of compliance across the IT and Data portfolio, ensuring robust risk, control management and assurance, internal and external audits, regulatory actions and workstreams. The role will play a part in developing and producing comprehensive monthly, quarterly, and ad-hoc risk and controls review and reporting, providing assurance to senior management and keeping them informed.

Key Responsibilities

• Risk Management
  • Support oversight risk identification, assessments, acceptances, and mitigation strategies within technology functions, ensuring appropriate controls are in place.
  • Support management of all risks, controls and incidents activities that fall under the IT and Data remit, liaising and ensuring alignment and collaboration with Group Risk management in maintaining and communicating up to date risk information.
  • Partner with relevant teams and SME’s to co-manage the existing controls to include alignment on priorities and performance expectations.
  • Support controls annual assessment and improvement plan for controls.
  • Support management of all IT and Data actions related to risk, assurance, controls.
  • Support the enhancement and management of the IT risk management process and IT/Data risk registers, and where applicable, alignment with functional and group risk management frameworks.
  • Support and monitor KPIs and KRIs for technology controls and risk exposure, supporting reporting for governance forums and senior management.
  • Where risks fall outside of appetite/tolerance, work with relevant stakeholders in developing and tracking a mitigation plan within reasonable timelines.
  • Support the identification of issues, issue management and remediation and provide reporting on risk/controls/KRIs to the relevant stakeholders.
  • Challenging business on risk and control matters (e.g., incidents, issues, and actions) and the overall management of control environment.
  • Support mapping policies, standards and controls to regulatory requirements and industry frameworks (DORA, CBI, CIS, ISO, NIST).
• Regulatory, Audit and Compliance
  • Support management of internal and external audit processes, ensuring timely and accurate responses to audit requests, and driving remediation of findings with timely closures of related actions.
  • Provide guidance and support to stakeholders regarding compliance and governance requirements.
  • Support maintenance of an IT compliance register, mapped with applicable regulatory requirements and associated controls.
  • Monitor changes in relevant laws and regulations and advising on impact and remediation, in conjunction with Compliance.
  • Ensure policies, standards and guidance are updated following any review activities such as (but not limited to) external audits, regulatory changes and any internal change/requirements.
  • Support the governance and communication of these updates to relevant stakeholders and committee/boards.
  • In collaboration with Compliance, support relevant teams in fulfilling regulatory deliverables and provide input on any required communication to a regulator (eg. CBI).
• Assurance
  • Develop and carry out an annual assurance programme for controls and policies under the IT and Data functions.

Personal Specification

Essential Criteria

• Extensive experience in governance roles, such as risk and controls, audit or compliance.
• Extensive experience in technology roles with excellent analytical and problem-solving abilities.
• Strong stakeholder engagement skills across all organisational levels.

Education and Qualifications

• Extensive experience in technology compliance, risk management, controls, and governance within a regulated environment.
• Experience within a financial industry desired.
• BA/BS degree, and/or relevant industry experience.

Skills and Abilities

• Experience in Technology governance, risk, and compliance.
• Strong stakeholder management at all levels.
• Providing guidance on Technology governance, risk, and compliance matters.
• Ability to identify and evaluate Technology risks and controls and provide practical and effective recommendations.
• Ability to communicate complex Technology risk and compliance issues to non-technical audiences.
• Experience in writing effective committee papers desired.

Knowledge Requirements

• Passionate about compliance, risk management, audit principles and practices and continuous improvement.
• Proven experience in operating in an IT GRC environment and in particular, leading the designing of IT risk frameworks, controls and policies.
• Excellent stakeholder management, communication and influencing skills, with the ability to build strong relationships and partnerships across the organisation.
• Strong knowledge and understanding of Technology risk management frameworks, methodologies and tools, such as COBIT, ISO 27001, NIST, etc.
• Strong knowledge of Technology governance, compliance and regulatory requirements, such as GDPR, PCI-DSS, Solvency II, etc.
• Analytical approach with ability to work systematically and unsupervised, to tight deadlines and with multiple competing priorities.
• Demonstrable ability to communicate with project teams and advise on operational implications of business requirements and change delivery risks.
• A self-starter and independent learner who takes the initiative to challenge the status quo and is creative and comfortable with ‘blank sheet of paper’ assignments.
• Strong written and oral communication skills.
• Influencing and excellent report-writing experience with a high standard of English is a pre-requisite.