Senior Manager - Technology Risk and Controls

Employer: LSEG Romania
Domain:
  • Internet - eCommerce
  • IT Hardware
  • IT Software
  • Job type: full-time
    Job level: 1 - 5 years of experience
    Location:
  • BUCHAREST
  • Updated at: 16.05.2022


    Role Purpose

    Support Technology COO team in ensuring a positive and responsible approach to risk management across technology in an environment of increasing regulatory and audit attention

    • Support the group's approach to managing risk, aligning with group risk, audit, regulators and other stakeholders
    • Work with divisional teams to ensure timely planning for adequate resources and priority to meet demand for risk data and process
    • Ensure divisional leaders are managing top risks responsibly and build transparency around remediation plans into the change portfolio
    • Provide support to the regulatory office in delivering required data and constructive challenge to regulators
    • Provide quality assurance support regulatory and audit responses


    Role Responsibilities

    This role enables Technology team to understand and respond to 1st line, 2nd line, regulatory and audit requirements in timely and effective manner using a long range schedule to plan risk assessment and controls assessment to front run upcoming / required outputs, and support effective management of risk in technology

    • Help to deliver a strong risk culture
    • Support the operationalisation of Risk Management into existing Technology processes including strategic planning & project management
    • Ensure risk appetite and links to technology objectives influence target operating model and investment priorities
    • Develop consolidated regulatory requirements catalogue across operating entities and regions and their applicability to technology
    • Contribute data to performance and risk metrics embedded into existing reporting mechanisms, for leadership teams, Exec Risk Committees, board etc.

    Advocate for a broad, active community of risk champions and stakeholders to improve the risk management and control culture across the technology organisation

    • Build expertise in the management of IT controls to provide added value across technology
    • Deliver risk and control data analytics dashboards to facilitate data driven decisions by senior leaders
    • Use modern data analytics to enhance strategic intelligence / risk assessments

    Key relationships

    • Other Technology COO functions including strategy, business performance and programme governance
    • Technology Leadership Team (Divisional CIO's)
    • Divisional business management teams and risk leaders
    • Regulatory office
    • Cybersecurity
    • Internal Audit
    • External Audit
    • Group Risk

    Skills

    • Previous IT Audit, 2nd line Technology Risk or 1st line technology risk assurance expertise in financial services
    • Industry / leading practice knowledge to provide guidance to support Divisional Technology teams and influence practices in DevSecOps, agile, tooling, architecture, disaster recovery, operational resilience, IT asset management, incident and problem management, IT third party risk management, program/project management, infrastructure practices
    • Review / challenge risk & control assessments and control testing performed by the Divisional risk representatives and provide training as required
    • Perform validation testing on actions
    • Ability to write and distinguish between risks, controls, process, issues and actions
    • Help to facilitate updates/refreshes of the Group Risk Taxonomy and Risk Appetite with the Divisional Technology Risk Officers
    • Ad hoc projects and initiatives
    • GRC tool design requirements and testing
    • Thematic analysis of risk exposure
    • Qualifications: CISA, CRISC, CGEIT, CDPSE, CCSK or similar

    Leadership responsibilities
    May include direct line management and matrix management of contract resources in order to build out control processes and tooling

    Critical deliverables

    • Support divisional CIO's and their risk teams to move the risk culture of 1st line to be stronger, proactive and with increased capacity to provide timely and quality input to 2nd and 3rd line, getting on the front foot with implementing controls
    • Maintain IT control library that can be applied across all Technology divisions
    • Support and monitor remediation of key risks from 1LoD, 2LoD and audit observations
    • Execute assurance activities to ensure appropriate and periodic risk management activities are completed to a level of rigour that supports responsible risk taking by Technology
    • Prepare reports for various risk committees

    Impact

    • By strengthening risk management capabilities in Technology, the role holder is directly contributing to the improved management of risk and therefore avoidance of negative events with revenue or reputational impacts.
    • The role holder will have the opportunity to support a complex agenda of change activities that contribute to the material success of the organisation by reducing operational risks and ensuring that the business can make investment and mitigation decisions with appropriate data and rigour

    At LSEG, we believe that creating a diverse and inclusive organisation is fundamental to the way we deliver on our promise - and our purpose. You'll be part of an organisation of over 25,000 people, spanning 70 countries. We recognise the individual perspectives each of our colleagues brings, and our diverse workforce is one of our greatest strengths. In supporting collaboration and creativity and encouraging new ideas across a diverse and inclusive workforce, we can improve how we are driving financial stability, empowering economies and enabling customers to create sustainable growth.

    LSEG offers a range of tailored benefits and support from healthcare and retirement planning to paid volunteering days and wellbeing initiatives.

    We are an equal opportunities employer. We do not discriminate on the basis of race, religion, colour, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. In accordance with applicable law, we make reasonable accommodations for applicants' and employees' religious practices and beliefs, as well as any mental health or physical disability needs.

    Please take a moment to read this privacy notice carefully, as it describes what personal information the London Stock Exchange Group (LSEG) ("We") may hold about you, what it's used for, and how it's obtained, your rights and how to contact us as a data subject.

    If you are submitting as a Recruitment Agency Partner, it is essential and your responsibility to ensure that candidates applying to LSEG are aware of this privacy notice.