Description
Senior IT Risk Analyst
MS Amlin
6 months+
London (remote + onsite working)
Inside IR35
About Client:
MS Amlin is part of a global top-10 insurance group MS&AD, with three main legal entities' operating in the Lloyd's, UK, Continental European and Bermudian markets. We have an enviable reputation for our customer knowledge, claims service and the specialist insurance and reinsurance expertise we apply. We provide the type of security leading organisations need to break new ground, innovate and offer life-changing services and amenities to some of the world's most challenging regions. Our record extends back over 300 years and today we have more than 1800 people in more than 20 locations worldwide.
Role Overview:
The business' strategic vision and point of differentiation is customer intimacy in the delivery of all its service to customers in all its markets. With respect to IT, the business needs to ensure that its use of technology supports all operational delivery, client service plans and growth plans. IT is a core aspect of this strategic business objective in respect of the necessity to minimise operating risk.
The challenge facing IT is to maintain a stable, robust and secure IT service whilst at the same time provide a responsive and flexible capability to accommodate changes that will help the business grow to meet the demands of the business strategy.
This is a key supporting role within the IT Standards and Performance team to ensure on-going risks and threats to business-critical IT systems and assets are being reported and analysed effectively.
Key Responsibilities:
Governance
- Manage the relationship (within CIO Org) to ensure controls comply within MSA expectations. This involves providing risk & control advice to the technology teams to ensure that they can meet their control objectives.
- Manage/support the relationship (outside CIO Org, eg Internal Audit, 2nd Line, KPMG, HO) to ensure engagement with teams balances value and delivery efficiency alongside controls comply within MSA expectations. This involves providing risk & control advice to the technology teams to ensure that they can meet their control objectives.
- Support a balanced risk narrative to ensure what we deliver is reflected as well as what we need to deliver.
- Support the normalisation of IT Risk Management into BAU (eg embedding in the project cycle, linkage to incidents and change management.)
- Supporting the Head of IT Risk & Controls in the development and implementation of technology risk management processes.
- Supporting completion/oversight of key regulatory certifications and in house attestations, eg JSOX, Cyber Essentials, compliance questionnaires from our parent company.
Risk Management
- Ensuring that risks identified are adequately documented, reviewed, reported and managed with cost effective and proportionate controls to mitigate those risks across the enterprise. These controls must balance the need to manage IT risk whilst supporting the business in achievement of corporate objectives.
- Ensuring the approach to risk management complies with accepted international best practice and meets all applicable regulatory, legislative requirements and is agile enough to respond to changes in the business risk appetite.
- Challenge and oversight of technology teams to ensure control assessments are adequately performed and that effective controls and/or plans are in place.
Reporting
- This role comes with a significant component of reporting and support across a wide range of stakeholders.
- Regular reporting to the IT leadership team on the status of controls compliance activities.
- Reporting to Senior Executive forums the status of controls compliance eg Committee reporting, periodic Board updates and Management Letter responses.
Stakeholder Management:
The individual will be expected to build strong relationships with the business and 2nd/3rd lines of defence to improve control outcomes. This will include providing regular updates on the agreed action plans, working with Internal and External Audit to ensure an efficient audit process and to manage and coordinate the agreement and the subsequent implementation of audit actions.
Key Skills:
- JSOX experience/awareness (at least 2 years hands-on coordinating and/or managing the audit)
- Strong business awareness, delivery and customer service focus
- Good understanding of IT risk analysis best practice, controls, risk mitigation within IT and operational context both within the insurance and market generally
- Adaptive and responsive to change
- General level expertise in respect of IT risk processes, frameworks and procedures
- Working with virtual teams
- A good understanding of outsource vendor responsibilities
- Delivering results through a structured, planned approach
- Good understanding of IT risk processes, practices and technical countermeasures.
- Partnership working and working across Business units
- IT risk delivery expertise within a multi-stakeholder environment
- Results and delivery focus
- Good interpersonal skills, report writing skills, presentation skills
- University Degree (Graduate)/Postgraduate in related areas of discipline (preferably)
- The post holder will be required to demonstrate at least two years relevant professional experience and ideally hold or be in the process of studying towards one of the following professional certifications and qualifications. CRISC, CISA or COBIT. Equivalent qualifications to these listed will also be acceptable.
Why join us?
- Formal mentoring program to help the post holder in career development. This covers both MS Amlin and the wider MSIJ/MSIEU family (parent company).
- Internal and External training to assist post-holder in formalising his/her 'on-job-training' into industry recognised credentials (where applicable).
- Participation and engagement on industry forums to contribute into thought leadership and raise both the Amlin and post-holder's brand awareness.