Information Risk and Compliance Manager
- 26 March 2019
Job title: Information Risk and Compliance Manager
Team: Finance and Operations Team
Reports to: Head of Finance and Operations
Location: Bath, UK
Please note, this position is only open to applicants who have the right to work in the UK.
As an organisation trusted with the confidential data of many of the world’s largest financial services organisations, information risk management is at the heart of what we do, and central to the ongoing success of our business.
We’re looking for an experienced information risk and compliance professional to join ORX at an exciting time in our three-year strategy. This is a broad and critical role, with a chance to lead on information security, internal risk management and compliance.
Our business strategy is leading us to expand our data sharing, while maintaining a control environment that is robust and stands up to the rigorous expectations of our members and tightening regulations.
The purpose of this role is to oversee company-wide compliance with both statutory and regulatory standards, focused on information security. You will have significant autonomy to lead internal risk management, oversee risk assessments, coordinate responses and report to the executive team and board to ensure appropriate controls are in place.
A key element of the role is managing audits conducted by our members and ensuring that the organisation remains up to date with the latest expectations of the financial services sector regarding the risk management practices of its third parties.
You will provide specialist guidance and advice for internal projects, deliver training, and raise awareness throughout the organisation on risk management. ORX currently aligns itself with ISO standards and there is an opportunity to review this approach and seek formal certification if appropriate.
You will be based in Bath, although some home working may be possible. We are looking for someone to work either full time or part time (minimum 3 days per week).
ORX helps the global financial services industry measure and manage operational risk. We research, improve understanding and share knowledge to benefit our members and the wider sector.
We're a dynamic, fast-growing, international industry association with a membership of over 95 leading banks and insurers from more than 20 countries. We are continuing to grow our membership and range of services in 2019.
You will work as part of the Finance and Operations team, responsible for delivering the key operational services that keep the organisation running effectively and safely.
Main duties and responsibilities
Key responsibilities for the Information Risk and Compliance Manager include:
- Responsible for governance and reporting relating to internal risk management and Information Security
- Managing reviews and external audits from existing and prospective members
- Ensure compliance with established policies and procedures, and create new ones where required
- Act as a key advisor and consult on the risk implications of key business projects
- Creating and maintaining relevant policies and procedures
- Continuous improvement of ORX internal control environment
- Communicating, training and advising on information security and compliance issues
Skills, knowledge and experience
- Right to work in the UK
- Professional security qualifications and/or certifications such as CISSP, CISM, CISA or equivalent
- Broad knowledge of IT architecture and underpinning technologies
- Good knowledge of the latest trends in information security and risk management, e.g. evolving technologies, cyber risk mitigation, etc.
- Experience of auditing IT environments, either through an internal or external audit role
- Knowledge of security and control frameworks such as ISO 27001, ISO 9001, COBIT and ITIL
- Strong relationship management skills
- A high degree of initiative and a drive to get things done, working autonomously and proactively
- Strong written and verbal communication skills
- Knowledge of banking and financial services
- Knowledge of operational risk
What we offer in return
- Competitive salary
- Flexible working to support a healthy work/life balance
- Bonus scheme
- Eight per cent company contribution to pension
- Employee recognition scheme
- Support for training and development
- Twenty-five days holiday a year, increasing by one day for each year of service to a maximum of 28 days
- Interest-free rail season ticket loan
- Summer and Xmas social events
- Inclusive and supportive working environment
What else do you need to know?
We are an equal opportunity employer. We create an environment where everyone has an equal chance to succeed, during our recruitment phase and through their career at ORX.
At ORX, we work hard while recognising the importance of the well-being and work-life balance of our staff. This is reflected in our culture and in our approach to flexible working.
As we manage and have control of highly confidential data, the successful candidate will have to make specific commitments in this regard and will be subject to background checks.
To apply send your CV and a covering letter to [email protected]. In the body of the email, please confirm what your salary expectations are.