IT Risk Manager

Role Overview

Customer Solutions Information Technology is seeking an experienced IT Risk Manager to support the delivery of strategic, operational, and reporting objectives related to Technology Risk Management and reports to the Senior Manager, IS Risk. 

Customer Solutions operates a Three Lines of Defence (LoD) risk governance model, and this role will sit within the 1st line of defence working closely with 2nd line oversight functions within European Technology and Line of Business Risk Teams. 

This is a broad and high-impact role requiring strong relationship management across key stakeholders, including: 

Customer Solutions, Irish Life: CIO, IT Senior Leadership, CRO & 2nd Line Operational Risk, Head of Compliancee , CFO, DPO, IT Delivery Leads, BCM and PMO. 

European Technology: CISO & Technology Risk Officer, Head of Technology Risk Management, Head of Technology Internal Audit, 2nd Line Technology Risk & Operational Resilience Officer, Head of Cyber Strategy and Controls. 

Group Functions (CTS, CLUK, CLE): Heads of Technology Risk & Security / Technology Risk Leads. 

Role/Responsibilities:

European Enterprise Risk Reporting: 

• Act as delegate for the Senior Manager, IS Risk in Senior Management level meetings when required, including the Irish Life Group Risk & Security Board. 
• Build and maintain strong relationships with key stakeholders across the enterprise. 
• Prepare and deliver IT risk reports for Customer Solution executives, governance committees, the Board and regulatory authorities. 

Technology Risk Governance: 

• Assist in IT risk management responsibilities: identification, measurement, monitoring, management, and reporting (IMMMR). 
• Collaborate with IT leadership on asset estate management reports and remediation activities. 
• Conduct reviews and report on Risk and Control Self Assessments (RCSA) and ad hoc risk control assessments. 
• Manage IT Due Diligence responses to Irish Life Corporate Account Group Pension, Risk and Health Schemes.   
• Work with IT leadership and Operational Risk on scenario analysis, emerging risks, and assessments. 
• Support identification of gaps, creation of mitigations and tracking / reporting of adherence to Group IT Policies and Standards. 
• Manage Supplier Management compliance, ensuring supplier risks are identified, assessed, contractually controlled, continuously monitored, and managed in line with the organisation’s risk appetite and policies across the supplier lifecycle.  Collaborate with Architecture to ensure supplier value is maximised.  Assist with drafting and reviewing Supplier Contingecy Plans (aka Exit Plans), and take part in their testing. 
• Collaborate on information security alerts and incidents. 
• Govern the CSIT exceptions and acceptances process, ensuring risks are clearly articulated, rigorously assessed, time-bound, formally approved, monitored, and driven to remediation in line with the organisation’s risk appetite and policies. 
• Periodically review and test the Cyber-attack incident response plan. 
• Stay updated on relevant IT governance and compliance standards. 

Technology Risk Compliance & Regulatory Activities: 

• Assist in satisfying regulatory requests for IT Risk & Cyber information. 
• Collaborate on the resolution of Internal and External IT audit requests, findings and observations. 
• Support Data Privacy Impact Assessments (DPIA), Transfer Impact Assessments (TIA) and GDPR general compliance. 
• Implement compliance initiatives per regulatory guidelines. 
• Develop and Implement Technology Risk Management Framework: 
• Embed the Technology Risk Management Framework in collaboration with the CIO and Risk & Security teams. 
• Represent Customer Solutions in European Technology Forums as needed. 

People Leadership: 

· Lead, mentor, and develop a team of IT risk professionals fostering a culture of accountability, continuous improvement and collaboration. 

· Promote knowledge sharing and best practices across the team to enhance risk awareness and capability. 

Raise Awareness of Technology Risk: 

• Promote a strong risk control culture and adherence to the Code of Conduct. 
• Present updates to the IT Senior Leadership team and CSIT department to raise awareness of Technology Risk matters. 

Desired Skills & Experience

• Experience within Financial Services, preferably Insurance, would be an advantage. 
• Excellent interpersonal skills i.e. ability to listen, influence and be assertive as required.  
• Highly organised with the ability to work on own initiative and as part of a team. 
• Ability to work to deadlines and targets in a busy and demanding environment. 
• Good problem-solving skills i.e. identifying problems and proposing solutions. 
• Professional certifications would be beneficial for this role but is not essential as assistance shall be provided to gain relevant industry certifications i.e. CISA, CISM, CISSP.  

Essential Qualifications & Skills

• Third level qualification (IT or Business), or suitable professional qualifications and/or experience. 
• A strong background with 5+ years relevant experience in IT, Cyber and security risks, processes and controls and ability to converse at both a technical and non-technical level. 
• The ability to partner and manage relationships with senior technology and risk leaders and present information at various forums. 
• Previous experience in process mapping and continuous improvement initiatives. 
• Very strong attention to detail and ability to present complex information in a structured and user-friendly format. 
• Very good working knowledge of MS Excel, Word, PowerPoint & Teams. 
• Fluent in English – written and verbal. 
• For non-EU candidates, an appropriate work permit for employment in Ireland is required.