IT Operational Risk & Business Continuity Manager

Information About This Job

Job Title: IT Operational Risk & Business Continuity Manager
Contract Type: Permanent
Location: London
Industry:
Contact Name: Ben Cheema
Contact Email: bcheema@lawsonchase.com
Job Published: 22 days ago

Job Description

About The Company

The firm is a leading independent global asset manager, dedicated to delivering the best outcomes for clients through a highly diversified range of actively-managed products.

They support individual and institutional investors across a range of products, encompassing equities, fixed income, multi-asset and alternatives.

The firm consists of a team of independent and innovative thinkers who work tirelessly to help clients achieve their goals - and do it by fostering an energetic and collaborative culture that ensures their people love the place they work.

The company currently has over US$331bn of assets under management, and has a diverse geographic footprint, employing close to 2500 staff in 28 offices globally.

About The Role

The IT Operational Risk and Business Continuity Manager is responsible for establishing and maintaining overall IT operational risk management and business continuity functions. The individual in this position is responsible for identifying, evaluating and reporting on IT operational risks in a manner that meets regulatory and other compliance requirements, and for maintaining, managing and governing IT's Business Continuity Management function for recovery from all types of business disruption risks (natural, technical, geopolitical, accidental, workforce, supplier) across the entire geographic footprint of the enterprise.

The IT Operational Risk and Business Continuity Manager works proactively with the various business units and other internal departments and organisations to implement practices that meet defined policies and standards.

As a risk manager, the role is the "process owner" for all IT-related risk assessment and identification activities, for the company's IT system and information assets and for its IT-dependent strategic business objectives. A crucial element of the risk manager's role is working with senior executives, line of business managers and other key decision makers to determine acceptable levels of residual risk for the company as a whole and for various internal departments and organisations.

As a business continuity manager, the role is the "process owner" for all IT-related business continuity activities. The role is responsible for the planning and execution of IT business continuity rehearsals, and maintaining business continuity and technical recovery plans in accordance with Business Continuity Management policy.

The ideal candidate for this position is a proven thought leader, problem solver and integrator of people and processes, as well as an effective internal consultant. The candidate must also possess good domain competencies in a number of IT risk related disciplines, including security, business continuity management, audit coordination, privacy and compliance. The IT Operational Risk and Business Continuity Manager must be much more than simply a technology and controls expert; he or she must also possess significant management and communications skills and industry specific

Key Responsibilities

  • Liaising with the Enterprise Risk Business Partners and Business Continuity teams, ensuring compliance and alignment with the Enterprise Risk and Business Continuity frameworks

  • Liaising with audit (internal and external) and coordinating audit activities

  • Guiding the development and implementation of internal policies and procedures, ensuring that activities are consistent with objectives, operating model and organisational strategy

  • Supporting the identification and documentation of risks and control weaknesses, and mitigation of those risks and weaknesses

  • Assessing, monitoring, and controlling the Technology risk portfolio

  • Supporting the currency of Technology Business Continuity and Technical Recovery Plans

  • Development of Business Continuity and Technical Recovery Rehearsal Plans

  • Coordinating Technology involvement in Business Continuity (including Crisis Management) exercises in partnership with 2nd Line Business Continuity function

  • Reports directly to the Head of IT Strategy and Planning

  • Tracks and reports risk management trends, opportunities and remediation monthly

  • Works closely with Enterprise Operational Risk and the Information Security, Compliance, Business Continuity Management and Privacy organisations to develop and implement effective IT risk management practices

  • Makes recommendations to the Head of IT Strategy and Planning, appropriate risk governance committees and line-of-business managers concerning IT-risk-related controls

  • Acts as risk management liaison with all levels of the IT organisation and with the lines of business and other internal departments and organisations

  • Supervises the IT risk management related activities of indirect reports and others

Skills & Experience

  • BSc/BA degree level educated preferred but not essential

  • Certificate of the Business Continuity Institute (CBCI), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC) or equivalent would be beneficial but not essential

  • Significant experience in a continuity or risk management related discipline (e.g. information security, business continuity or technology risk)

  • Knowledge of a broad range of standards and frameworks would be helpful, e.g. International Standards Organization (ISO) 22301 and 27001, ISO 20000 and Information Technology Infrastructure Library (ITIL)

  • Knowledge of common risk management methodologies would be helpful, e.g. Control Objectives for Information and Related Technology (COBIT) and Committee of Sponsoring Organizations Enterprise Risk Management (COSO)

Key Competencies

  • A good understanding of strategic business risks

  • Ability to develop a good understanding of business and relate that knowledge to identified operations and IT related risks

  • Knowledge necessary to propose relevant continuity and risk responses to changing business risks and regulatory changes

  • Proven ability to communicate with people at all levels, from developers to the CIO

  • Excellent written and verbal communication skills, including the ability to effectively communicate security and risk related concepts to technical and nontechnical audiences; strong interpersonal and collaborative skills

  • Strong skills as a negotiator, to facilitate commitment to, and sign-off on, appropriate levels of residual risk from line of business managers

  • High level of personal integrity, with the ability to handle confidential and otherwise sensitive matters professionally and with the appropriate level of judgment and maturity

  • High degree of initiative, dependability and ability to work with little supervision

Ongoing competence in the role to be assessed by:

  • Annual Performance Appraisal

  • Completion of all assigned Compliance training

Ref: | Published: 26 Jun 2018