Technology Risk Programme & Transformation Lead
M&G plc.
2021-12-03 07:36:28
Barkingside, Greater London, United Kingdom
Job type: fulltime
Job industry: Banking & Financial Services
Job description
At M&G our vision is: to become the best loved and most successful savings and investment business and we're looking for people who are excited about joining us on our journey. We're digitally transforming and investing heavily in technology and innovation to develop new and improved customer propositions that really raise the bar for our customers. To help us achieve our vision we're looking for exceptional people who live our values and behaviours and who can inspire others; embrace change; deliver results and keep it simple.
We know that an inclusive environment makes us more accessible and ensures we attract, engage, promote and retain exceptional people. We welcome applications from all individuals regardless of age, gender/gender identity, sexual orientation, ethnicity/nationality, disability, or military service and welcome those who have taken career breaks. We will consider flexible working arrangements or home working arrangements for any of our roles.
What you can expect from us:
We are committed to creating an environment where you can be exceptional at all you do. To help us deliver this, we promise to:
- Challenge Your Limits by creating a stimulating working environment and providing opportunities for you to be involved in meaningful and challenging work
- Support Your Aspirations with a commitment to learning and development that helps you achieve and build your experience with people who want you to succeed
- Value Your Input whereby leaders and managers will involve you in key decisions, listen to your thoughts and recognise the important contribution you make
- Balance Your Life through a work life partnership that focuses on making this an inclusive, diverse and friendly place to work and offers the flexibility and support that enables everyone to be at their best
How do we support our employees:
All M&G plc employees will be supported in the workplace through our M&G Employee Assistance Programme (EAP). If you need counselling or confidential financial or legal advice, the service is available 24 hours a day, 365 days a year and offers access to qualified professionals who can provide specialist information, advice and support on many issues. It offers a broad range of services, including help with family issues, maintaining work/life balance and mental health support.
Role title: Technology Risk Programme and Transformation Lead
Work level: Manager or Expert
The Role:
The Technology GRC function provides oversight of IT risk policy, standards, risks and controls (including validation). The function drives a better understanding of Security and Technology related risks and will support, advise and facilitate the Technology leadership team in making decisions regarding the need for remedial actions and/or risk acceptances taking into account:
- The current security and technology risk profile and control environment;
- The relative scale of exposure and their likelihood of eventuating; and
- The cost and effort of remediating those exposures.
The function will assist the Chief Information Technology Officer in actively managing risk, including those associated with large scale transformation and change initiatives. It ensures the framework remains in line with external requirements, proactively identifies areas for improvement in the control environment, supports client directors as part of client due diligence meetings and owns the IT risk reporting internally and externally to M&G.
The role of the technology risk programme and transformation lead is to oversee the third-party services and ensure that the impact on IT risk as a result of ongoing transformation and an ever-changing environment is understood and that appropriate risk treatment actions are identified, documented and followed by management. The role holder is also responsible for support for large technology programmes to ensure that IT risk is taken into account as part of these transformations and well understood by the accountable executive and programme office.
Key Work Level Accountabilities:
Manager or Expert:
- For people managers, accountable for managing and motivating others to ensure quality of delivery to customers and stakeholders
- For technical specialists, accountable for delivering expert advice or service, using specialist knowledge and subject matter expertise
- Applies judgement to deliver outcomes, evaluating a range of potential solutions, considering the impact for customers, cost and risk
- Manages conflicts that may impact delivery
- Challenges upwards given knowledge of delivery and awareness of complex systems and the broader picture
- Identifies and anticipates need for changes to continuously improve quality and efficiency of output
- Manages resources and risks using expert judgment, know-how and experience
Key Responsibilities for this role:
- Responsible for supporting Technology led material programmes and ensuring that Technology risk changes and operational impact to M&G are understood and managed.
- Work closely with the security engineering consultant to recommend the right risk treatment approach for identified programme Technology risk and ensure that any open risks, issues and actions at the end of each programme are assessed and recorded in the GRC tool if still applicable after the close of the programme.
- Lead and manage the demand for technology risk assessments and be accountable for the quality of the work produced.
- Build and manage relationships with senior stakeholders (programme directors, CITO LT members, etc.) to ensure that escalations are managed in the most efficient way.
- Deliver the service with support of resources provided by a third party.
- Build Technology risk awareness amongst staff by utilising the wider TGRC capabilities
Key Knowledge, Skills & Experience:
Personal attributes:
- Significant experience in Technology and/or security risk management.
- Demonstrable experience of working within the three lines of defence model and with senior business and IT stakeholders (managing directors, directors, Chief information officer, Chief information security officer, Chief operating officer).
- Proven experience of creating simple but concise and impactful updates/visual presentations from complex data for key stakeholders during times of increased pressure.
- Excellent communication and stakeholder management skills
Essential Knowledge & Experience:
The ideal candidate will have:
- Expert level knowledge and understanding of the business, their processes and ambition are essential.
- Detailed knowledge and practical experience with IT risk management practices and frameworks (COBIT, ISF SoGP, NIST, ISO 27001)
- Working knowledge of collaboration tools and new technologies with the ability to champion team learning and coach business colleagues when required.
- Essential knowledge of three lines of defence practice
- Working knowledge of Financial Services, Technology industries and regulatory requirements in relation to IT risk, outsourcing and vendor management.
Good to have:
We are also looking for the following skills:
- Practical experience in the Technology risk management, governance and compliance space is highly desirable.
- Any formal technology and security risk management accreditation is desirable
- Previous experience in a similar role within a large multi-national enterprise within the financial sector is highly desirable.
- Knowledge of COSO framework is desirable
Recruiter: Joseph Scott
We live by four behaviours at M&G and we ask all our employees to:
- Inspire Others - Support and encourage each other, creating an environment where everyone can contribute and succeed
- Embrace Change - Be open to change, willing to be challenged and able to adapt quickly and imaginatively to new ideas
- Deliver Results - Focus on outcomes, set high standards and deliver with energy and determination
- Keep it Simple - Cut through complexity and bureaucracy, be clear and decisive and never overcomplicate things