Risk Manager

We are looking for a talented individual to join our Enterprise Risk Management team as a Risk Manager, in London or Bermuda. This is a broad, integrative second line risk role ideal for someone who can combine strong risk judgement with a practical, collaborative approach. This is an opportunity to play a meaningful role in strengthening an enterprise-wide risk framework, while contributing across a broad set of interconnected risk disciplines.

You will contribute to core elements of our enterprise-wide risk framework and to board-level risk governance activities. You will also serve as the primary lead for the design, oversight, and ongoing execution of business continuity, third-party risk, and data protection and privacy programs, while embedding an operational resilience framework across relevant areas. The role is well suited to someone who enjoys connecting related disciplines, identifying gaps and overlaps, and helping embed robust but pragmatic frameworks across a multifaceted business.

What will your responsibilities be?

• Contribute to core enterprise risk management activities, including risk assessments, incident analysis, metric monitoring, risk capital frameworks, board-level governance reporting and interaction.
• Lead second line design, oversight, and ongoing execution of:

• Business continuity and incident response frameworks, including the full lifecycle of how we prepare for, respond to and recover from significant incidents and disruptions;
• Third-party risk management, including maintaining and enhancing our framework for oversight of third-party risk assessment, due diligence, onboarding, and ongoing monitoring;
• Data protection and privacy risk activities, including review of Privacy Impact Assessments, maintenance of Records of Processing Activities (ROPAs), and reviews of business and change processes to ensure appropriate data protection consideration.

About you

• A Bachelor’s degree (or higher) with a track record of academic achievement.
• Demonstrable experience in a second line risk, assurance, or oversight role, or in a related first line control function.
• Preferred experience in one or more of operational resilience, business continuity, incident response, third-party risk, or privacy/data protection.
• Familiarity with relevant risk frameworks or regulations preferred, such as ISO 22301, ISO 27001, NIST, GDPR, DORA, or APRA CPS230.
• Experience in a regulated financial services environment is beneficial.
• Comfortable working across multiple priorities and can combine strategic framework thinking with practical delivery.
• Communicate clearly and can engage constructively with stakeholders across business, technology, and assurance functions.
• Apply sound judgement, strong analytical skills, and a pragmatic approach to challenge and oversight.
• Curious and adaptable, with the ability to build knowledge quickly across new risk areas.
• Pragmatic and collaborative, with the confidence to challenge constructively.
• Delivery-focused and action-oriented, and comfortable taking ownership.
• Resourceful, solution-oriented, and able to see initiatives through to implementation.
• Calm and resilient when working through complex or challenging issues.

Instructions for application

To complete your application, please submit your resume and cover letter.

The Company

We are a global firm with offices across eight countries, over 400 employees and more than $50 billion in assets under management. But those numbers don’t define Orbis. It’s our values, how we do things day-by-day, and how we add value for our clients that define us. Our investment philosophy is fundamental, long-term and contrarian. As contrarian investors, we aim to take a different perspective, and this filters into everything we do. To invest differently, you need to think differently. This is encouraged by having teams of people with different backgrounds, experiences and ways of thinking.

Find out more about us at www.orbis.com.