Cyber Risk Manager
PermanentJob Overview
The Enterprise Risk Management (‘ERM’) team sits within the Group Risk Management function, which is comprised of three ‘pillars’: Insurance Risk, Financial & Market Risk, and ERM. Convex has a strong focus to be market leaders in the use of data and technology.
The primary role of the, newly created, Cyber Enterprise Risk Manager role is to support the Convex Group through the effective delivery of oversight and monitoring of cyber risk, specifically with respect to Artificial Intelligence (AI), emerging technologies, and data security. In addition, you will drive new technologies within the Risk team to improve automation and enhance decision making.
The primary role of the, newly created, Cyber Enterprise Risk Manager role is to support the Convex Group through the effective delivery of oversight and monitoring of cyber risk, specifically with respect to Artificial Intelligence (AI), emerging technologies, and data security. In addition, you will drive new technologies within the Risk team to improve automation and enhance decision making.
Key Responsibilities
This role will be a specialist within the Risk team. Some of the key responsibilities will include:
- Cyber & AI risk integration: enhance and embed a robust cyber and technology risk culture across the business, which will be built upon positive engagement with each business area, including the first line information security team.
- Risk assessment: help drive the completion of the quarterly Risk and Control Self-Assessment (‘RCSA’) process, specifically for cyber and technology risks, ensuring that RCSA data and MI is up to date and accurate.
- Control development: develop the framework for control effectiveness assessment and attestations for IT and security controls.
- Technology & efficiency: Develop the automation and use of technology within the team, to improve efficiency and enhance decision making and analysis.
- Incident management: monitor and manage cyber and technology risk incidents that have been reported across the Group, including updating systems and liaising with key business stakeholders to ensure relevant actions are completed.
- Risk monitoring & reporting: monitor and track risk management actions for cyber risks, ensuring all actions are up to date and any overdue actions are flagged appropriately. Ensure timely production of cyber risk reporting for the CROs before it is submitted to the Risk Committees and/or relevant Executive Committee and Boards.
- Emerging risks: monitor emerging risks and opportunities in collaboration with other members of the Risk Management function, with a particular focus on the risk landscape of AI and market-leading technology adoption.
Skills Knowledge and Expertise
We require a candidate with a passion for new technology and an analytical mindset, but no insurance background is needed. Some of the skills we are looking for include:
- Cyber & technology expertise: experience and knowledge of new technologies, ideally within financial services or consulting.
- AI risk knowledge: deep knowledge of risk frameworks related to Artificial Intelligence (AI), machine learning, and advanced data analytics.
- Analytical mindset: an analytical mindset, allowing the ability to monitor and understand both quantitative and qualitative pieces of data or information effectively.
- Challenging stakeholders: well-rounded interpersonal skills and the ability to provide constructive challenge to first-line business functions when required, ensuring robust risk documentation and assessments.
- Technology improvement: openness to technology and a desire to drive improvements with data, automation and insights.
- Teamwork: effective team player, with the ability to adapt to changing priorities and work collaboratively across the business.