Summary: The Risk Manager role involves driving the adoption of a risk management framework while collaborating with management to define and measure key risks and controls for IT and OT. The position requires providing assurance on the effectiveness of controls and compliance with obligations, as well as delivering key management information for decision-making. The role also includes stakeholder engagement and oversight of audit actions to ensure continuous improvement in risk management practices.
Key Responsibilities:
- Support the implementation and operation of the IT Governance, Risk and Compliance framework.
- Implement and manage the IT risk management framework.
- Facilitate risk reviews to identify, quantify and mitigate IT & OT risks.
- Engage regularly with stakeholders to provide advice and guidance on risk management.
- Provide assurance on the adequacy of IT & OT controls and monitor progress for improvements.
- Coordinate actions in response to audit findings.
- Support the formulation of delivery plans to address root causes and monitor progress.
- Oversee the progress of audit actions.
- Monitor and report compliance with relevant policies, standards, and regulations.
- Liaise with Cyber Risk, Operational Technology, Information Security, and Risk & Assurance teams.
- Ensure timely reporting on IT & OT Risks to Risk Boards and Committees.
Key Skills:
- Educated to degree level or with at least 3 years’ relevant experience.
- Experience in delivering IT risk, compliance, or assurance activities.
- Knowledge of OT Systems, Cyber, and Engineering risk management.
- Experience in designing or reviewing IT/OT processes and performing risk assessments.
- Understanding of client's strategy, structure, and governance framework.
- Familiarity with IT governance frameworks such as COBIT 5, ITIL, ISO31000, 27005, 38500.
- Ability to perform Risk/Return analysis.
- Strong communication skills, both written and oral.
- Problem-solving and analytical skills.
- Ability to engage effectively with stakeholders.
Salary (Rate): undetermined
City: undetermined
Country: United Kingdom
Working Arrangements: hybrid
IR35 Status: undetermined
Seniority Level: undetermined
Industry: Other
Job Title: Risk Manager
Job Location(s): Scotland - Perth/Glasgow/Eurocentral/Aberdeen
Hybrid Working: 2-3 days ideally in the office
Description:
Main Purpose of Job
Drive the adoption of risk management framework. Work collaboratively with management to define, communicate and measure key risk and controls for IT and OT risks to be maintained in line with business risk appetite. Provide assurance on the effectiveness of controls and confirm compliance with obligations. Provide key management information to enable the Leadership to make decisions.
Key Accountabilities
- Support the implementation and operation of the IT Governance, Risk and Compliance framework.
- Implement and manage the IT risk management framework.
- Facilitate risk reviews to identify, quantify and mitigate IT & OT risks.
- Engage regularly with stakeholders, providing advice and guidance on risk management.
- Provide assurance on the adequacy of IT & OT controls to manage risk, provide recommendations and monitor progress to ensure controls are improved and effective.
- Coordinate timely and appropriate actions to be taken in response to audit actions.
- Support the formulation of delivery plans to address root cause and monitor progress.
- Take part in risk mitigation projects as required.
- Oversee the progress of audit actions.
- Monitor and report compliance with relevant policies, standards, procedures, legislation and regulation.
- Liaise regularly with the Cyber Risk, Operational Technology, Information Security and Risk & Assurance teams across the business and Group.
- Ensure accurate, timely and relevant reporting on IT & OT Risks to various Risk Boards and Committees.
Education
Educated to degree level or above, or at least 3 years’ relevant experience
Experience
Experience of delivering IT risk, compliance or assurance activities (or equivalent role)
Experience of OT Systems, Cyber and Engineering risk management
Experience of designing or reviewing IT/OT processes and their controls and performing risk assessments
Experience engaging with a wide range of stakeholders
Focus on continuous improvement
Business Knowledge
Understanding of client's strategy, structure and governance framework
Working knowledge of IT and operational risk, IT and enterprise architecture, IT strategy and IT outsourcing, service management and delivery
Working knowledge of audit and assurance methods
Full IT project lifecycle experience
Industry standards, regulation and legislation knowledge
Understanding of continuous improvement methodologies
Functional and Technical Skills
Good knowledge of IT governance frameworks such as COBIT 5, ITIL, ISO31000, 27005, 38500 and their interactions
Ability to perform Risk/Return analysis
Ability to work in matrix environments
Quality management
Works in compliance with Business Principles, Policies and Standards
Communication and Personal Attributes
Ability to engage effectively with all stakeholders (internal and external)
Fluent communicator, both in writing and orally, with high attention to detail
Strong organisation skills
Negotiation and influencing skills
Maintain objectivity and impartiality
Planning, communication and presentation skills
Flexibility to adapt and compromise
Ability to carry out self-led learning
Problem Solving, Analysis and Reasoning
Able to use multiple problem-solving methodologies
Adept at identifying appropriate workarounds
Experience in resolving complex problems
Accountability and Financial Dimensions
Accountable for own work
No direct or indirect responsibility for budgets or other financial measures.