Technology Risk Manager
At Direct Line Group, insurance is just the start. Combining decades of industry experience with talented people in every field from data, technology, customer care and auto repair, to HR, finance and procurement , we’re a customer-obsessed market powerhouse. And we all work together to be brilliant for customers, every single day.
We’re evolving, to be a more digitally-focused data-driven insurance company of the future – and your unique talent, skills and ideas can drive our success. Like us, you thrive on collaboration, exploration and innovation. And like you, we take tech seriously. That’s why we’re embracing the move to a more digital, flexible world. With constant investment in the newest tools, programmes and equipment for our teams, it all adds up to creating the best possible user experience for customers. And a great career for you. Join us. Own the evolution.
A fantastic opportunity has arisen for a Technology Risk Manager to join our Governance, Risk and Compliance team! This is a 1LoD role where you'll be an IT Risk Subject Matter Expert for the CISO and Technology Services functions, conducting proactive and reactive IT risk assessments across multiple technology areas, recommending and facilitating appropriate responses and monitoring the delivery of any mitigations. You'll engage with Risk Owners to agree the current Risk Profile and actions to be within appetite as required.
What you'll be doing
Identify and draw out technology risks through discussions, workshops, relevant meetings, and engagement with projects and programmes
Identify, assess, manage and report on adherence to policy requirements and control effectiveness
Undertake technology proactive and reactive risk assessments, or thematic reviews, and formulate recommendations to respond to identified technology risks, issues and events
Manage technology risks, master action plans and events in the group Risk Management System
Identify, anticipate and recommend the need for changes to methodologies/approaches in response to changing risk profiles and business needs, through the identification of emerging risks and through continuous assessment of the inherent and residual risk exposure
Modelling and continuous improvement of the risk profile, through the development of risk measurement methodologies
Engage with the Enterprise Risk team (2LoD), Internal Audit and senior stakeholders across the business to ensure Technology Services and Information Security functions operate within the defined risk appetite and issues are remediated within the specified timelines
Provide strategic risk management advice on disruptive technologies and identify emerging risks associated with advances in technology and digital capabilities
Ensure agility and continuous integration/deployment by embedding risk management and regulatory compliance into operating environment and organisational culture
Establish the status of the risk profiles owned senior stakeholders, highlighting any changes in line with risk appetite.
What we're looking for
Technology risk, information security, or IT Audit background
Strong analytical skills, with experience in undertaking risks assessments in a technology environment
Excellent working knowledge of risk management tools, methodologies, control taxonomies and industry standard frameworks (NIST, ISO 27001, COBIT, PCI-DSS, ITIL, TOGAF)
Excellent working knowledge of security technologies and processes, including network and application firewalls, host and network intrusion prevention, anti-virus, advanced endpoint protection, cryptography, public key infrastructure and identity management and federation
Experience in infrastructure, application and cyber security architecture, technical risk and vulnerability assessments and/or managing issues identified from penetration testing
Experience of working in cloud environment, ideally with platforms such as Microsoft Azure and AWS
Experience of third-party relationships and identifying and managing the associated technology and information security risks
Experience of threat modelling and assessing the impact of threat scenarios
Excellent communication and stakeholder management skills and experience of preparing formal reporting for senior management
Our mixed model way of working offers a 'best of both worlds' approach combining the best parts of home and office-working, offering flexibility for everyone. How much you'll be in the office depends on your role, and we'll consider the flexible working options that work best for you.
Read our flexible working approach here.
This is a hybrid role based out of our new London Bridge office, and you'll need to be in the office c.4-6x a month.
What we'll give you:
We wouldn’t be where we are today without our people and the wide variety of perspectives and life experiences they bring. That’s why we offer excellent benefits to suit your lifestyle and a flexible working model combining the best parts of home and office-working, varying with the nature of your role. Our core benefits include:
9% employer contributed pension
Up to 10% annual bonus
25 days holiday (rising by 1 each year to 28) + bank holidays and option to buy or sell up to 5 days
50% off home, motor and pet insurance, plus free travel insurance and Green Flag breakdown cover
EV car scheme allows all colleagues to lease a brand new electric or plug-in hybrid car in a tax efficient way.
Employee discounts and cashback
Additional optional Health and Dental insurance
Buy as you earn share scheme
Plus many more!
Difference makes us who we are. We believe everyone should feel comfortable to bring their whole selves to work – that’s why we champion diverse voices, build workplaces that work for people, and invest in the things that matter. From senior leadership to inclusivity networks, adaptive working to inclusion training, we’ve made it our mission to give you everything you need to be authentically you. Discover more at directlinegroupcareers.com
Together we’re one of a kind.