Data Risk Analyst

This job is with Beazley, an inclusive employer and a member of myGwork – the largest global platform for the LGBTQ+ business community.

Key Relationships: Risk, Audit, Compliance, Information Security, Financial controls teams, General Management, IT/Data leadership and SMEs, Operational resilience, Procurement and Third-Party Management, COO general management, COO Business Risk and Controls team.

Job Summary: The role will effectively support management and oversight of compliance across the Data portfolio, ensuring robust risk, control management and assurance, internal and external audits, regulatory actions and workstreams. The role will play a part in developing and producing comprehensive monthly, quarterly, and ad-hoc risk and controls review and reporting, providing assurance to senior management and keeping them informed.

Key Responsibilities:

• Data Risk Management
• Support oversight of data risk identification, assessments, acceptances, and mitigation strategies across data management and technology functions, ensuring appropriate controls are designed and operating effectively.
• Support management of all data risks, controls, incidents, issues, and remediation activities that fall under the IT and Data remit, ensuring alignment with Group Risk Management frameworks.
• Partner with Data Governance, Architecture, Engineering, Security, and Business teams to co-manage and enhance the existing data control environment.
• Support the enhancement and management of data risk frameworks, data risk registers, and risk reporting processes.
• Assist in embedding data governance and risk management practices across critical data domains and business processes.
• Support development and monitoring of KPIs and KRIs for data risks, control effectiveness, data quality, regulatory compliance, and governance maturity.
• Support control assessments, control testing activities, and remediation plans across the data environment.
• Challenge business and technology stakeholders on data risk and control matters, including incidents, issues, remediation actions, and regulatory obligations.
• Contribute to the design, implementation, and continuous improvement of data risk policies, standards, controls, and governance processes.
• Support mapping of policies, standards, and controls to regulatory requirements and industry frameworks (e.g. GDPR, DORA, BCBS239, ISO, NIST, COBIT).
• Regulatory, Audit and Compliance
• Support management of internal and external audit processes, ensuring timely and accurate responses to audit requests, and driving remediation of findings with timely closures of related actions.
• Provide guidance and support to stakeholders regarding compliance and governance requirements.
• Support maintenance of a Data compliance register, mapped with applicable regulatory requirements and associated controls.
• Monitor changes in relevant laws and regulations and advising on impact and remediation, in conjunction with Compliance.
• Ensure policies, standards and guidance are updated following any review activities such as (but not limited to) external audits, regulatory changes and any internal change/requirements.
• In collaboration with Compliance, support relevant teams in fulfilling regulatory deliverables and provide input on any required communication to a regulator (e.g. CBI).
• Assurance
• Develop and carry out an annual assurance programme for controls and policies under the IT and Data functions.

Personal Specification:

Education and Qualifications

• Extensive experience (5+ years) in data compliance, risk management, controls, and governance within a regulated environment. Experience within a financial industry desired.
• BA/BS degree, and/or relevant industry experience.

Skills and Abilities

• Experience in Data governance, risk, and compliance.
• Strong stakeholder management at all levels.
• Providing guidance on Data governance, risk, and compliance matters.
• Ability to identify and evaluate Data risks and controls and provide practical and effective recommendations.
• Ability to communicate complex Data risk and compliance issues to non-technical audiences. Experience in writing effective committee papers desired.

Knowledge Requirements

• Passionate about compliance, risk management, audit principles and practices and continuous improvement.
• Proven experience in operating in a Data GRC environment and in particular, leading the designing of Data risk frameworks, controls and policies.
• Excellent stakeholder management, communication and influencing skills, with the ability to build strong relationships and partnerships across the organisation.
• Strong knowledge and understanding of Data risk management frameworks, methodologies and tools, such as DAMA methodology, BCBS239 etc.
• Strong knowledge of Data governance, compliance and regulatory requirements, such as GDPR, PCI-DSS, Solvency II, etc.
• Analytical approach with ability to work systematically and unsupervised, to tight deadlines and with multiple competing priorities.
• Demonstrable ability to communicate with project teams and advise on operational implications of business requirements and change delivery risks.
• A self-starter and independent learner who takes the initiative to challenge the status quo and is creative and comfortable with ‘blank sheet of paper’ assignments.
• Strong written and oral communication skills. Influencing and excellent report-writing experience with a high standard of English is a pre-requisite.