Senior Manager- Risk governance- 6+yrs-Pune

Discipline: Analytics
Job type: Permanent
Contact name: Priya Bhatia

Contact email: priya.bhatia@crescendogroup.in
Job ref: 51830
Published: about 7 hours ago

Job Description

Job Title: Sr. Manager TGRC (Technology Risk Governance)
Grade: Grade 2B
Level: Expert
Job Function: Enterprise Security Privacy and Technology Risk
Job Sub Function: First Line GRC
Reports to: Asst. Vice President FL GRC (Technology Risk Governance)
Location: Pune
Business Area: M&G Global Services

Overall Job Purpose

The First Line GRC function provides oversight of IT risk policy, standards, risks and controls (including validation). The function drives a better understanding of Security and Technology related risks and will support, advise and facilitate the Technology leadership team in actively managing risk by making decisions regarding the need for remedial actions and/or risk acceptances taking into account:

• The current security and technology risk profile and control environment;

• The relative scale of exposures and their likelihood of eventuating; and

• The cost and effort of remediating those exposures.

Ensure the framework remains in line with external requirements, proactively identify areas for improvement in the control environment, support client directors as part of client due diligence meetings, and own the IT risk reporting internally and externally to M&G.

The role of the Senior Manager – Risk Governance (Technology risk governance manager) is to support the AVP – Risk Governance in overseeing and driving the IT risk reporting, including but not limited to production of reporting packs and board papers, as well as validation and reporting of the Management Indicators (KRIs, KPIs and KCIs). In addition, the role holder will provide oversight of the risk culture and awareness service delivered by the outsourcing provider and oversight of Technology suppliers, and will be expected to contribute to the overall GRC service improvement initiatives.

Primary Key Responsibilities (Top 3-5 KRA)

This role works with AVP - Risk Governance (First Line GRC) with a focus on:

· Providing ongoing oversight, governance and reporting over the 3rd party providers, monitoring IT risks, driving IT risk reporting, and producing reporting packs and board papers.

· Ensuring all Service Partners are integrated and work consistently across TGRC and relevant M&G plc risk framework, policies, processes and ways of working.

· Collaborating with the heads across First Line GRC and Technology leadership team and Supplier Performance teams to continuously improve service offerings and initiate action where performance is below set standards.

· Assisting in managing and overseeing technology third-party suppliers to ensure compliance with contractual, legal, and regulatory requirements. Creating a set of dashboards/KPIs that will monitor Service Management compliance across all support parties in the end-to-end support model.

· Supporting oversight of the risk culture and awareness services delivered by the FL GRC team.

Accountabilities/Responsibilities

This role works with Asst. Vice President Risk Governance (First Line GRC) with a focus on:

· Providing ongoing oversight, governance and reporting over the 3rd party providers.

· Ensuring all Service Partners are integrated and work consistently across First Line GRC and relevant M&G plc risk framework, policies, processes and ways of working.

· Collaborating with the heads across First Line GRC and Technology leadership team and Supplier Performance teams to continuously improve service offerings and initiate action where performance is below set standards.

· Creating a set of dashboards/KPIs that will monitor Service Management compliance across all support parties in the end-to-end support model.

Key Stakeholder Management

Internal

· Business areas and their relevant management teams

· Enterprise Technology

· Enterprise Security & Privacy

· Risk and IA

External

· External suppliers / outsource partners

Knowledge, Skills, Experience & Educational Qualification

Knowledge:

· Detailed knowledge and practical experience with IT risk management practices and frameworks (COBIT, ISF SoGP, NIST, ISO 27001)

· Working knowledge of collaboration tools and new technologies with the ability to champion team learning and coach business colleagues when required.

· Knowledge of vendor management frameworks and processes

· Working knowledge of Financial Services, Technology industries and regulatory requirements in relation to IT risk, outsourcing and vendor management.

· Knowledge and understanding of the Technology teams, their processes and their objectives is essential

· Knowledge of COSO framework is desirable.

· Governance and Risk related certifications such as COBIT or ISMS LA etc. would be an added advantage.

Skills:

· Ability to translate technical and risk requirements and specifications into easily understood business concepts and vice versa.

· Excellent communication and stakeholder management skills

· Any formal technology and security risk management accreditation is desirable

· Exposure to interacting with senior levels of business and technology leadership. Senior stakeholder management and relationship management skills will be required in this role.

· Ability to work independently under minimal managerial supervision. You can expect to diagnose and solve significant, complex and non-routine problems; translate practices from elsewhere and provide authoritative, technical recommendations which have a significant impact on business performance.

Experience:

· 6 yrs+ GRC experience, preferably with a good understanding of how it operates in the financial industry.

· Proven experience of creating simple but concise and impactful updates/visual presentations from complex data for key stakeholders during times of increased pressure.

· Demonstrable experience of working within a multiple supply chain environment and operating in Supplier/Vendor Management oversight and/or IT risk management roles.

· Experience of contract and supplier management with IT risk, control assurance and reporting

Educational Qualification:

· Graduate in any discipline

M&G Behaviours relevant to all roles:

1. Tell it like it is: Respectfully speaking up to create better ways forward – both direct and empathetic.

2. Own it now: Putting your name on things with confidence to drive progress and results quickly.

3. Move it forward together: Forming cross-functional teams to seize the right opportunities and solve real problems.

… with care and integrity.

Diversity & Inclusion is vital to the success of our business:

M&G is an inclusive employer. Enterprise Security and Privacy is deeply committed to leading the way for M&G in celebrating diverse approaches and points of view; we believe that diversity drives innovation. We are building a culture where difference is valued and a workforce that is more representative of the world we live in. Therefore, we value applications from candidates of all races, religions, gender identifications, abilities, and sexual orientations.