IT Risk Manager

Time left to apply: End Date: July 31, 2025 (6 days left to apply)

Job Requisition ID: R-5598

The IT Risk Manager role supports the organisation’s IT & Ops Risk Management Programme by serving as a best practice/quality contributor. The individual will act as the first line of defense, conducting risk assessments and managing activities including risk identification, profiling, assessment, response, evaluation, and advising on issues and remediations. This position ensures alignment with the Risk and Controls Governance framework.

Candidates should have an intermediate or expert understanding of IT & Operational risks and experience executing first line IT risk management processes within a large institution. Strong communication, management skills, and knowledge of industry best practices are essential.

1. Strategy and Transformation:
   • Align with Group RCG target state program, including governance, risk management methodologies, technology enablement, automation, metrics, and reporting.
   • Collaborate with the three lines of defense and other risk functions to support and align the Risk and Controls Governance strategy.
   • Engage stakeholders at all levels to ensure effective communication and buy-in.
   • Develop education, training, and awareness campaign materials on IT & Operations risks.
2. Operational Activities:
   • Execute risk profiling, assessments, scenario analysis, and metrics reporting.
   • Develop materials for leadership review and facilitate governance channels for risk response plans.
   • Act as the point of contact for stakeholder questions, manage escalations, and provide risk advisory support.
   • Provide updates to executives and prepare training materials as needed.
   • Escalate issues appropriately and perform other duties as directed.

• 5+ years of experience in IT & Operations Governance and risk functions.
• Ability to develop and maintain risk registers, control libraries, and compliance documentation.
• Strong analytical skills for assessing complex risks and recommending controls.
• Experience working with cross-functional teams including Operations, IT, security, and compliance.
• Excellent interpersonal, communication, and stakeholder engagement skills.
• Knowledge of technology processes, risk, and control frameworks.
• Relevant certifications (e.g., CISSP, CISM, CISA, CIA, CRISC, etc.) are desirable.

CNA Hardy is a leading provider of specialized commercial insurance, offering innovative products across global markets. We serve clients of all sizes, providing tailored solutions for domestic and international exposures.

With offices across Europe and a Lloyd's Syndicate, we leverage local expertise to deliver fast, effective insurance solutions. As part of CNA Financial Corp, we are trusted for over 125 years, serving over 1 million businesses worldwide.