Canada Life UK looks after the retirement, investment and protection needs of individuals, families and companies. We help to build better futures for our customers, our intermediaries and our employees by operating as a modern, agile and welcoming organisation.
Part of our parent company Great-West Lifeco, Canada Life UK has operated in the United Kingdom since 1903. We have hundreds of respected and supported employees committed to doing the right thing for our customers and colleagues.
Canada Life UK is transforming to create a more customer-focused business by providing our customers with expertise on financial and tax planning, offering home finance and annuities propositions, and providing collective fund solutions to third party customers. Job Purpose CLUK is upgrading and modernising its Information Technology estate and environment, a core part of which is migrating to a public cloud environment. To enable this we need to build IT / Cloud capability in the 2nd Line Risk team and this role is a really important step in that journey. The 1st Line IT team is also enhancing its capability in Cloud migration and management, building a Cloud Centre of Excellence (CCoE). Oversight and support from the 2nd line Risk Team is a key part of the model being designed, from both a CLUK and regulatory perspective. Reporting into the Head of Risk and Governance this is an exciting opportunity to use and expand your current skills by: • Shaping CLUK's Cloud Risk Framework • Building and owning core Cloud Risk Framework oversight processes • Working with the CCoE and European 2nd line IT teams to build appropriate control oversight and assurance processes • Providing expert 2nd line opinions, advice and challenge to support regulatory submissions and applications • Be the 2nd Line IT expert for CLUK's strategic IT ambitions and BAU risk and control environment • Represent the Risk Team on internal forums, interacting and influencing senior stakeholders
Key Accountabilities • Ensure that IT risk and control oversight processes are deployed effectively and that continuous control monitoring is in place. The target model is to use an automated data driven approach for both 1st line operation and 2nd line monitoring. • Where automation is planned for 'Day 2', this role is critical for ensuring that the 1st Line have identified key risks, remediating controls, and recorded any risk accepts with realistic timelines for remediation. • Maintain and evolve the Cloud Risk Framework • You will design and drive risk reporting and oversight mechanisms against agreed IT & Cloud Risk Appetite statements, ensuring clear 1st & 2nd line roles and responsibilities are in place for data gather, analysis and escalation processes. If something does go wrong, this makes sure we can fix it before it becomes a real problem. • Make sure the risk events, breaches and exceptions are reported, visible and acted-on by the right people • Plan and carry-out risk deep-dives to help improve the control environment • Be the 2nd Line IT & Cloud risk expert, help and guide the wider risk team • Provide regular status updates to senior stakeholders, Executive Committees and Boards • We'll be using Cloud Service Providers (3rd party suppliers) and 2nd line oversight is important to hold them to the responsibilities we agreed and ensure they maintain a robust control environment. You'll represent risk at joint committees empowered to provide advice, support and challenge.
Desired Knowledge / Experience / Skills • Knowledge and exposure of IT risk frameworks, controls and risk appetite statements, ideally for regulated organisations that operate public cloud environments • Governance risk and controls experience within the industry • Using your strong influencing skills, you'll have experience of engaging with senior management in order to get desired outcome • Strong communication skills, demonstrating a clear and articulate standard of written and verbal communication in a complex environment, tailored for all levels of management. • You are the expert but you'll need to have the skills to explain technical developments in easily understandable language to a range of stakeholders • Comprehensive knowledge of enterprise risk management and the relevant regulations, ideally including the technical aspects relating to the quantification and analysis of a wide range of risks • We'd like you to have experience of second line of defence risk oversight activities but if you're a Cloud / IT expert in the 1st Line with ambition to work in the 2nd line then you could be considered. Let's talk! • Proven track record at delivering reporting requirements under time pressure with attention to detail and pitched at the right level for the audience • You are part of a team but to support each other we need to be self-motivated, well-organised, pragmatic and able to perform tasks independently
Qualifications: Ideally, relevant IT / IT Risk Management qualification.
What you'll like about working here As a Canada Life UK colleague, you'll receive a competitive salary and comprehensive reward package including income protection, private medical insurance and life assurance, along with a generous pension and bonus scheme. You'll also receive the support you need with your personal and professional development.
Diversity and inclusion Canada Life is committed to a diverse and inclusive workplace. Our role as an employer of choice is to provide the right environment for talented people to do their best work, by respecting, understanding and valuing individual differences