Job Description

Posted 1 month ago

Main purpose of job:

The IT Risk and Governance Manager will play a crucial role in maintaining the integrity and security of our IT systems. Reporting directly to the CISO, you will own the management and administration of IT risks, lead the IT audit and assessment program (including PCI DSS, SWIFT, and Cyber Insurance), and ensure the Business Continuity Planning (BCP) documents are updated and effective. This role will involve effective collaboration across IT Management to facilitating governance activities, and ensure the accurate and timely reporting of IT Risk and Governance MI for executive stakeholders.

IT Audit and Assessment Management:
* Collaborate with relevant stakeholders to create, own and maintain a forward plan for various audit, risk and governance activities, including internal audits, external audits, IT assessments, DR and IT BCP tests and policy review schedules.
* Co-ordinate and facilitate the execution of IT audits and assessments, including but not limited to PCI DSS, SWIFT, and Cyber Insurance.
* Measure and report adherence to IT risk management policies and procedures, making recommendations for improvements where necessary, to ensure compliance with relevant industry standards, regulations, and best practices.

IT Risk Management:
* Own and maintain the IT risk register, risk acceptances, risk assessments and
associated risk artifacts, ensuring they are kept updated, all identified risks have
owners, are appropriately assessed, categorised with an agreed and documented
treatment plan.
* Collaborate across IT and group Governance teams to identify, register and document emerging risks, and status of planned remediation for existing risks, for escalation and management reporting.

BCP Documentation:
* Maintain and update the IT Business Continuity Plan (BCP) documents, ensuring they reflect current business processes and IT systems.
* Ensure IT staff are aware and prepared for BCP through, communication, documentation and testing exercises.

IT Governance Reporting and MI:
* Work closely with IT senior management to ensure all IT risk, governance and assurance reporting artifacts are up-to-date, accurate and available for IT governance and organisational executive stakeholder meetings.

IT Departmental Process Owner:
* Take ownership of specific IT departmental policies and processes, such as Fire Evacuation procedures, Recruitment processes, Data Protection Impact Assessments (DPIA), Records of Processing Activities (ROPA), External Data Transfers, Disaster Recovery (DR) call tree, and IT departmental DR processes.
* Manage and enhance these processes to ensure efficiency and compliance