My client is a leading Asset Manager based in the city. They are currently searching for an Investment Risk Manager reporting into the Head of Information Risk to join their growing team.
The Information Risk team forms a 2nd Line of Defence function, with primary responsibility to operate the Information Security Management System and oversee information security across the firm.
The Information Security Management System is certified compliant with ISO27001. As such, risk and policy management is a core part of the cycle of planning and assessment, under the governance structure.
The purpose of the role is to operate the risk and policy management function within the Information Risk team. This comprises:
- Ownership and maintenance of the information risk profiles within the company-wide RCSA
- Management and operation of the ISMS risk management cycle and risk structure
- Assessment of information risks with support where necessary from the Head of Information Risk
- Maintenance and distribution of complete, current, compliant and coherent policy and standard sets
- Management and operation of the ISMS policy exception management cycle
In addition to the core responsibilities, you will participate in the broader functions of the team, including:
- Approvals for high-sensitivity access and privilege
- Response to customer and prospect diligence enquiries
- Response to colleagues and assistance with training and awareness programmes
- Support and evidence for audits
- Identification and selection of tools and systems for efficient operation of the Information Risk function
Knowledge & Skills Desired
- The role primarily addresses risk management rather than information technology controls; however, exposure to IT and cyber risk management is likely to be very valuable. Experience of the cycle of risk assessment, treatment and review is important.
- The role depends on familiarity with policy as a tool and a control, and it will benefit from experience building relationships with users and stakeholders to develop and maintain policy and standards.
- The role does not have direct responsibility for ISO27001 compliance, but the standard does set the context, so some familiarity would be useful.
- Some understanding of investment management business and regulators would be beneficial but is not essential.
- We would expect to see analytical and organisational skills with the ability to work independently, and as part of a wider team, with minimal supervision. The role requires an analytical thinker with good written and spoken communication skills.
- Experience of Corporate Risk
- Understanding of Information Risk (including Information Technology Risk)
- Able to work autonomously
- Able to engage with senior stakeholders across the various divisions of our business (strong communication skills and a degree of gravitas)
- Risk Management