IT Risk Manager

The IT Risk Manager role supports the organisation's IT & Ops Risk Management Programme by serving as a best practice and quality contributor. The individual will act as the first line of defense, providing risk assessments and managing activities such as risk identification, profiling, assessment, response, evaluation, and advising on issues and remediations to support the overall IT & Ops organisation. This position aligns with the Risk and Controls Governance framework.

This role requires an intermediate or expert understanding of IT & Operational risks and the execution of first line IT risk management processes within a large institution. Strong communication, management skills, and industry best practices knowledge are essential.

1. Strategy and Transformation:
2. Align with Group RCG target state program based on the planned roadmap, including governance, risk management methodologies, technology enablement, automation, metrics, and reporting.
3. Collaborate with the three lines of defense and other risk functions to support and align the Risk and Controls Governance strategy within CNA & CNA Hardy's broader risk functions.
4. Engage stakeholders across all levels to ensure effective communication, input, and buy-in.
5. Develop education, training, and awareness materials regarding IT & Operations risks, along with critical communications for clarity and adoption.

Operational Activities:

1. Execute operational activities including risk profiling, assessments for processes, applications, infrastructure, and scenario analysis.
2. Develop risk metrics and reporting, and prepare materials for leadership review.
3. Assist in creating and monitoring risk response plans, acting as a point of contact for stakeholders, managing escalations, and providing guidance on initiatives.
4. Update management on task progress, escalate issues, and perform other duties as directed.

• 5+ years of experience in IT & Operations Governance and risk functions, focusing on risk identification, assessment, and mitigation.
• Ability to develop and maintain risk registers, control libraries, and compliance documentation.
• Strong analytical skills and experience in cross-functional collaboration.
• Excellent interpersonal, communication, and presentation skills, comfortable engaging at all levels.
• Knowledge of technology process, risk, and control frameworks; relevant certifications are desirable.

The Company

CNA Hardy is a leading specialist commercial insurance provider, offering innovative products to businesses of all sizes across domestic, international, and global exposures.