Information & Technology Risk Oversight Lead - Insurance
London, with some flexibility on location across the UK; office working 3 days a week.
Broadgate Search have been instructed to find an information and technology risk oversight lead on behalf of our client, a leading insurer.

This is a key second line of defence position, reporting to the Head of Operational Risk & Internal Control. The successful candidate will provide strategic oversight and challenge over information and technology risks — ensuring they are appropriately identified, assessed, and mitigated in line with Group and regulatory standards.

The role offers an opportunity to influence senior stakeholders, contribute to strategic resilience planning, and play a pivotal role in shaping the organisation’s information risk culture and framework.

Key Responsibilities
  • Develop, implement, and embed an effective information and technology risk framework that aligns with Group and regulatory requirements.
  • Lead the development of the operational and information risk appetite framework, including qualitative statements and quantitative indicators.
  • Provide independent oversight and challenge to first line management on key initiatives relating to information security, technology, and data risks.
  • Deliver second line challenge on major IT and change programmes, ensuring project risk methodologies are robust and effective.
  • Plan and execute a risk-based oversight programme for information risk management, producing high-quality reports and actionable insights.
  • Provide formal second line opinions on information and technology risk management practices and mitigation strategies.
  • Support regulatory change initiatives, including operational resilience and digital operational resilience programmes, ensuring delivery to scope, time, and quality expectations.
  • Review and challenge management information (MI) from the first line to ensure effective monitoring and escalation of technology risks.
  • Represent the second line at key risk and governance forums, providing insight and updates to the Audit, Risk, and Compliance Committees.
  • Contribute to the development and testing of internal controls relating to information risk, data management, and procurement processes.
  • Advise and influence senior management and executives on technology risk and resilience matters.
  • Maintain a strong understanding of emerging risks, regulatory developments, and industry best practice.
  • Build and maintain strong relationships across Risk, Compliance, Internal Audit, and Group functions to ensure a coordinated approach to oversight.
  • Develop and deliver targeted training and awareness on information and technology risk across the organisation.
Experience and Qualifications
  • Proven experience within Risk or Audit functions in a regulated environment (financial services or insurance preferred).
  • Degree-level education in computer science, information systems, or a related discipline.
  • Experience delivering resilience-based regulatory programmes (e.g. Operational Resilience, DORA).
  • Recognised professional qualification desirable (e.g. CISSP, CISM, CISA).
  • Deep understanding of information and technology risk within financial services, particularly in relation to security and operational resilience.
  • Familiarity with technology risk frameworks such as COBIT, ISF, or ISO 27001.
  • Strong ability to develop and assess risk frameworks, controls, and risk appetite statements.
  • Excellent report writing, analytical, and communication skills, with the ability to influence at senior levels.
  • Confident stakeholder management skills and the ability to work effectively within a matrix structure.
  • Knowledge of the Solvency II environment advantageous but not essential.