Risk Lead

1. To establish an Exam Technology Risk Management process that integrates Exam Technology non-project risk management with Corporate Risk reporting, ensuring that Exam Technology meets all Risk Management requirements to maintain its status as the preferred supplier of IT services to the Product Groups.

2. Collaborating with Senior Leads from the Product Groups and other areas of CUP&A technology, the role promotes best practices with practical experience.

3. Within ETO, this role works closely with the Solution Area leadership teams to ensure proactive management for all categories of IT Risk pertaining to high-stakes assessment products.

4. To underpin our regulatory position and demonstrate control of risk, ensuring compliance with the Ofqual C1 condition and the organisation's risk management framework.

5. As the Risk Lead within Exam Technology, this role acts as the Risk Champion (Risk Facilitator), working with the Technical Responsible Officer (TRO), Head of Exam Assurance, and Solution Area leadership teams to proactively manage all categories of IT Risk related to high-stakes assessment products, ensuring risks/issues are controlled, reviewed, and action plans are managed for remediation.

6. Although primarily focused on high-stakes exam products and services, the risk management requirements and processes established by this role may be adopted across mid and low-stakes exam products and services.

Key responsibilities:

1. Develop, implement, and manage Exam Technology's Risk Management framework and associated guidelines, strategies, policies, and procedures for specific risks, taking ownership of the risk guidelines, processes, and frameworks across high-stakes assessment products and services to secure effective risk management within Exam Technology.
2. Design, develop, and manage real-time risk strategies to identify Exam Technology risks across high-stakes assessment products and services, providing instructions for prevention, controls, and solutions for any violations.
3. Investigate and review actual or potential failures of business-critical controls and processes.
4. Engage with third-party investigations such as ISO 9001 and the organisation's auditors to ensure external requirements are fully met.
5. Lead ongoing risk assessment campaigns, assurance reviews, and risk assessment reports.
6. Assist in designing and launching new high-stakes assessment products and services from a risk perspective. Lead efforts to implement and maintain risk management and evaluation processes, strategies, and procedures across Exam Technology supporting the Group-wide Risk reporting process.

Key skills/knowledge/experience:

1. Familiarity with risk management frameworks such as ISO 31000, NIST, and COSO.
2. Knowledge of risk and quality management systems and integrated risk management and quality processes.
3. Understanding of cybersecurity fundamentals, including threat modelling, vulnerability assessment, and incident response.
4. Knowledge of incident management processes, including detection, response, recovery, and post-incident analysis.
5. Awareness of external regulatory and audit requirements for IT risk and controls, including relevant laws and standards such as GDPR.
6. Knowledge of IT infrastructure, including networks, servers, databases, and cloud services.

Essential skills and experience:

1. Experience with risk and quality management systems.
2. Ability to quickly assimilate and analyse complex technical information.
3. First-class written and verbal communication skills.
4. Excellent interpersonal, negotiating, and influencing skills.
5. Ability to present to senior audiences.
6. Tact and diplomacy.
7. Ability to work under pressure.
8. Excellent judgment and strategic decision-making abilities.
9. Experience working in a technology environment and within the assessment sector.
10. Experience working with senior managers and exercising autonomous judgment.