Information risk refers to the risks related to Technology, Information Security and Data quality. Given Admiral’s focus on being a data and technology driven company, Information Risk is a key risk area.
The role is based in the AECS Risk team, with responsibility for oversight and challenge of all Information risks including Technology, Information Security and Data quality.
The successful applicant will work collaboratively with other teams including all areas of IT, Information Security and Data.
- Responsible for oversight and challenge of Information risks across EU entities, including Information Security, Technology and Data quality risks.
- Act as the subject matter expert within the EU Corporate Governance functions for Information risk management and security related matters.
- Leading on independent risk / security assessments of the key Information and Security risks and controls across EU, identifying, assessing, escalating and reporting on potential information risks and issues to Admiral.
- Responsible for oversight and challenge of the business response to Technology and Information Security risk incidents and events throughout EU.
- Providing review and challenge for EU change projects related to Technology, Information Security and Data via steering committee membership or undertaking project risk reviews.
- Developing the Information risk framework within EU including the implementation and embedding of the tools, policies, standards and procedures required to support the risk oversight and assessment activities.
- Promote and embed Enterprise Risk Management (ERM) processes, awareness and understanding across the EU Technology, Information Security and Data teams in order to maintain operational resilience, minimising customer detriment and financial losses.
- Assess the impact of Technology and Data change within the business against Admiral’s risk profile, ensuring timely identification of key themes and emerging risks, issues and exposure, and providing recommendations to management to mitigate and resolve potential issues.
- Reporting and escalating on risks and issues to senior managers, heads of department, Corporate governance teams and relevant working groups, management committees and Boards.
- Monitoring and assessing EU’s compliance with Group & AECS/AIS Policies and Group Minimum Standards in relation to IT and Information Security.
- Represent EU Risk in relevant Committees, working groups and meetings.
- Develop and maintain key stakeholder relationships across EU, performing the role as a ‘critical friend’ to the business.
This is not a full definition of the role but covers the main aspects and drivers for success.
- Possess the ability to make effective and informed decisions.
- Keep up to date with the latest legislation and regulations that apply to Information Risks.
Initiative and pro-activity
- Demonstrate an ability to seize opportunities without waiting for an event or having to be told.
- Quickly understand the issues and challenges of the business.
Planning and Organising
- The ability to develop clear, efficient and logical approaches to work.
- The ability to tackle issues and problems in a logical, step-by-step way.
- The ability to understand the needs and priorities of customers (inside and outside the organisation) and the desire to meet their expectations.
- Ensure that all communication is clear and appropriate for its intended audience.
- Able to communicate with employees of all levels including senior management.
- Able to influence and challenge stakeholders and senior management.
Experience and Qualifications Required
- Commercially aware, proactive, forward-looking and inquisitive, with attention to detail.
- Working on own initiative, with the ability to introduce fresh thinking to the role and the wider Risk team.
- Excellent communication skills (both written and verbal) and stakeholder management.
- Excellent interpersonal and influencing skills.
- Passionate about learning how to secure against emerging threats and technologies.
- A strong knowledge and understanding of Technology and/or Information Security risks and frameworks.
- Understanding of the three lines of defence model of corporate governance.
- Proven hands-on experience in managing information technology risks.
- Experience working in IT and/or Information Security Teams.
- Familiarity with, and experience implementing, an Enterprise Risk Management framework.
- Knowledge of industry best practices / risk frameworks for IT and Security risk management is desired.