IT Risk Manager
The Audit and Risk Recruitment Company (ARRC)* has been mandated by our client, a London-based Fintech business, in their search for an IT Risk and Compliance Manager. As one of the UK’s leading banking software providers, our client has been through a period of rapid expansion led by a series of acquisitions and continues to increase its customer database.
This is a high-profile position reporting to the Group CFO. The role will drive and embed best practices in Information Security, compliance, risk management and data privacy across the expanding Group.
The successful candidate will thrive in creating and embedding structure within a fast-paced, dynamic environment. They will be proactive, pragmatic and able to work across all departments and levels to help the business embed risk and compliance best practices.
You will take responsibility for driving and embedding best practices in risk management, compliance, information security and data privacy across the group.
- Develop, maintain and monitor risk management controls, policies and procedures, ensuring compliance with PRA regulations
- Take a pragmatic and commercial approach to risk by prioritizing according to risk impact
- Ensure the group complies with and adheres to security-related legal, regulatory and business requirements.
- Build out and embed the use of data as part of risk processes (e.g. risk assessment and planning, continuous monitoring).
- Flag information security deficiencies or opportunities for improvement and help develop pragmatic solutions.
- Ensure regular reporting on compliance status and progress
- Act as Risk Champion and build out working relationships with the exec and senior management team to raise risk and compliance awareness across the business
- Lead on achieving external accreditations (e.g., Cyber Essentials Plus and ISO27001)
- Take the lead on achieving external accreditations
Required skills and experience
- Background in IT Risk and/or Risk Assurance (Big 4 Risk Assurance backgrounds would be appropriate)
- Strong understanding of the following: ISMS tools, Information Security principles, Information Security audits, Information Security regulation (e.g., GDPR), Risk Management Practices.
- Previous experience of working in a regulated industry (Financial Services is not a prerequisite)
- Previous experience in a software / technology business would be an advantage
- Experience and knowledge of the following: ISO27001 and Information Security best practices, Data Privacy regulations and data management best practices, controls audits, risk management practices
- IT governance experience
- Able to assess the impact of regulatory requirements on the group’s operations
*The Audit and Risk Recruitment Company: Experts in Audit and Risk!