We're looking for a Risk Oversight Analyst to work within the Cyber, Technology & Resilience team.
We're a global investment manager. We help institutions, intermediaries and individuals around the world invest money to meet their goals, fulfil their ambitions, and prepare for the future.
We have around 6,000 people on six continents. And we've been around for over 200 years, but keep adapting as society and technology changes. What doesn't change is our commitment to helping our clients, and society, prosper.
We moved into our new HQ in the City of London in 2018. We're close to our clients, in the heart of the UK's financial centre. And we have everything we need to work flexibly
Integrity and appropriate conduct are integral to Schroders' culture and approach to risk management. Active and effective risk management is at the core of Schroders' business and is regarded as a key competence by clients, consultants, regulators, counterparties, shareholders, internal stakeholders and other interested parties. Group Risk works closely with the other governance functions (Compliance, Group Internal Audit and Group Legal) in order to identify risks and provide independent challenge and oversight to the group's risk profile. The Group Risk function team consists of specialists in the following areas: - Credit Risk - Operational Risk - Investment Risk / Portfolio Compliance / Methodology & Analytics - Insurance - Emerging Risk, Capital Modelling and Stress Testing - Risk Governance and Group Policy - Enterprise Risk In addition to these specialists, resources are based in Asia, the Americas and Europe and are responsible for ensuring that the risk management process is effectively implemented in each region.
What you'll do
Technology & Information Security Risk Oversight • Provide technical 2nd line oversight of Information Security and Technology ensuring risks are escalated to appropriate senior stakeholders and work with the 1st line to improve their controls and improve risk management. • Support the Head of Risk Oversight (Technology, Cyber & Resilience) in facilitating the effectiveness of the Information Security Risk Oversight Committee (ISROC) as the primary governance forum for overseeing the management of Information Security Risk across the Group. • Undertake risk based reviews of key information security and technology processes and controls. Ensure that findings are appropriately risk assessed and management identify appropriate plans to mitigate the risk. • Develop strong and effective working relationships across all 3 lines of defence to facilitate effective identification, management and remediation of information security and technology risk.
• Provide oversight of Operational Resilience framework, tools and methodologies in line with regulatory requirements to enable the achievement of the firm's strategic objectives. • Provide oversight of key Operational Resilience deliverables including important business services, impact tolerances, resource mapping, vulnerability assessments and scenario testing. • Produce material for key risk oversight committees including ISROC and the Group Risk Committee (GRC). • Support and mentor junior members of the team in the delivery of their objectives.
The knowledge, experience and qualifications you need
• Prior experience in technology & information security risk, operational resilience, crisis management and/or business continuity, preferably within the financial services industry. • Able to understand complex information security and technology risks and explain them effectively to non-technical senior stakeholders in a fashion which ensures the risk is fully understood. • Understanding of risk and regulatory themes surrounding operational resilience including third-party risk management, vendor management and cyber (FCA/PRA Operational Resilience, DORA etc). • Broad understanding of IT infrastructure and IT Disaster Recovery from both a cloud and on-premises perspective. • Experience using business continuity planning tools and/or mass notification software. • Good understanding of technology risk and information security control frameworks (e.g. NIST, COBIT etc).
The knowledge, experience and qualifications that will help
• Risk certification (e.g. CRISC/CISM/CISA) is desirable.
What you'll be like
• Excellent inter-personal skills, able to build strong relationships, and able to influence across all levels of the organisation. • Good at working in a team, and with other teams • A real attention to detail
We're looking for the best, whoever they are
Schroders is an equal opportunities employer. You're welcome here whatever your background, race, sex, gender, sexual orientation, religious belief, age or disability.