Information Technology and Security Risk Manager

Job Purpose:

Information risk refers to the risks to the business related to Technology, Information Security and Data quality. Given Admiral’s focus on being a data and technology driven company, Information Risk is a key risk area for the business.

This medium level role is based in the EUI Risk team, with responsibility for oversight and challenge of all Information risks including Technology, Information Security and Data quality.

The successful applicant will support the Information Risk team, working collaboratively with other teams with EUI Risk and all areas of IT, Information Security and Data.

Main Duties:

• Providing oversight and challenge of Information risks across EUI, including Information Security, Technology and Data quality risks.
• Act as a subject matter expert within the EUI Corporate Governance functions for Information risk management and security related matters.
• Leading and supporting on independent risk / security assessments of the key Information and Security risks and controls across EUI, identifying, assessing, escalating and reporting on potential information risks and issues to Admiral.
• Providing oversight and challenge of the business response to Technology and Information Security risk incidents and events throughout EUI.
• Providing review and challenge for EUI change projects related to Technology, Information Security and Data via steering committee membership or undertaking project risk reviews.
• Developing the Information risk framework within EUI including the implementation and embedding of the tools, policies, standards and procedures required to support the risk oversight and assessment activities.
• Promote and embed Enterprise Risk Management (ERM) processes, awareness and understanding across the EUI Technology, Information Security and Data teams in order to maintain operational resilience, minimising customer detriment and financial losses.
• Assess the impact of Technology and Data change within the business against Admiral’s risk profile, ensuring timely identification of key themes and emerging risks, issues and exposure, and providing recommendations to management to mitigate and resolve potential issues.
• Reporting and escalating on risks and issues to senior managers, heads of department, Corporate governance teams and relevant working groups, management committees and Boards.
• Monitoring and assessing EUI’s compliance with Group & EUI Policies and Group Minimum Standards in relation to IT and Information Security.
• Represent EUI Risk in relevant working groups and meetings.
• Develop and maintain key stakeholder relationships across EUI, performing the role as a ‘critical friend’ to the business.

This is not a full definition of the role but covers the main aspects and drivers for success.

Behavioural Competencies:

Professional Expertise:

• Posses the ability to make effective and informed decisions.
• Keep up to date with the latest legislation and regulations that apply to Information Risks.

Initiative and pro-activity:

• Demonstrate an ability to seize opportunities without waiting for an event or having to be told.
• Quickly understands the business issues and challenges of the business.

Planning and Organising:

• The ability to develop clear, efficient and logical approaches to work.
• The ability to tackle issues and problems in a logical, step-by-step way.

Customer focus:

• The ability to understand the needs and priorities of customers (inside and outside the organisation) and the desire to meet their expectations.

Communication:

• Ensure that all communication is clear and appropriate for its intended audience.
• Able to communicate with employees of all levels including senior management.
• Able to influence and challenge stakeholders and senior management.

Experience and Qualifications Required:

Essential:

• Commercially aware, proactive, forward looking, inquisitive and attention to detail.
• Working on own initiative, with the ability to introduce fresh thinking to the role and the wider Risk team.
• Excellent communication skills (both written and verbal) and stakeholder management.
• Excellent interpersonal and influencing skills.
• Passionate to learn about securing emerging threats and technologies
• Understanding of Cloud Technology best practice and Governance.
• Understanding of the Risk Management Lifecycle
• Understanding of Data Governance & Information Security Best Practices
• Understanding of Technology Risk

Desriable:

• Experience working in IT and/or Information Security Teams (3-5 years)
• Familiarity and experience implementing Enterprise Risk Management framework.
• Understanding of the three lines of defence model to corporate governance.
• A good knowledge and understanding of Technology and/or Information Security risks and frameworks.
• Understanding of Digital Technologies and risks associated with adoption of new Technology.
• Understanding of industry wide IT standards (e.g., ITIL, NIST, CIS Top 20 Controls)

Benefits and Work-Life Balance:

At Admiral, we are proud to be a diverse business where we put our people and customers first. We have great benefits to ensure employees have a great work-life balance; it's one of the reasons why we're consistently voted one of the Sunday Times’ Best Big Companies to work for in the UK. We want you to have an element of freedom to define a working lifestyle that supports this, so accommodate flexible hours wherever possible.

We do not have a set salary for this position, as it will be dependent on the successful candidate’s experience. We are happy to see CVs from all candidates who meet the requirements and will be happy to discuss the remuneration package

If you think this role is for you and would like to be considered for this opportunity, please complete an online application form. Please be advised we do not accept CV's directly. 

#LI-LP1