Enterprise Risk Management – Information Security Risk Manager
Our Business Services team is a collective of creative, strategic, forward-thinking business enablers. Together the People & Culture, Marketing & Communications, IT, Operations, Finance and Quality & Risk Management teams make it their mission to ensure Mazars has the right tools, technology, strategies, and services in place to deliver exceptional client service and future-proof our growing business.
As an Enterprise Risk Management – Information Security Risk Manager you will have the opportunity to help develop and embed effective firmwide Enterprise Risk processes, risk culture, and maturity across all Service Lines by delivering proactive, high-quality and value-added service as part of a maturing central Risk Function at Mazars.
This internal-facing role will principally involve working with the Enterprise Risk Director in helping to enhance and develop high-quality Risk Management processes, frameworks, and culture across the organisation, with a particular focus on technology risk and AI. This will include developing the strategic approach for Enterprise Risk Management reporting firmwide and developing a sustainable and value-adding service for the business to manage its risk profile.
You will report to the Enterprise Risk Director. They in turn report to the Executive Committee, Chair of the Risk and Quality Committee (RQC) as well as the Audit and Risk Committee (ARC), and Governance Council (GC).
Key Responsibilities
- Assess the effectiveness of technology controls against requirements and policy statements
- Work within the 2LoD to provide oversight and challenge to senior stakeholders across the business to ensure cyber services and Information Security functions operate within the defined risk appetite, and issues are remediated
- Modelling and continuous improvement of the information technology and cyber risk profile, through the development of risk measurement methodologies
- Analyse and report on compliance of cyber and technology controls against Service Line, Firmwide and Regulatory Standards
- Maintain relationships with stakeholders to facilitate oversight and effectiveness of the technical control environment
- Support / Own reporting products used to ensure stakeholders are kept apprised of the performance of the cyber and IT control environment and deliver remedial action plans where identified risks are considered out of appetite
- Validate that business Key Risk Indicators are accurately captured and included in prioritisation activities
- Provide strategic Risk Management advice on disruptive technologies and identify emerging risks and required actions associated with advances in technology and digital capabilities
Skills, Knowledge, and Experience
- Strong understanding of Enterprise-wide Risk Management
- Professional qualifications in Risk Management such as IRM certification, or relevant certifications such as CISM or CRISC
- Experience engaging with and presenting to senior stakeholders, and challenging rationales as part of an independent function
- Background in cyber risk / information technology with knowledge of AI technologies and machine learning
- Proven decision making and problem-solving skills
- Self-motivated and with a desire to learn
- Ability to operate on multiple tasks whilst still achieving high delivery standards.
- Excellent written and verbal communication and presentation skills
- Ethical and responsible AI mindset, with a focus on bias mitigation and fairness.
Inclusion and Diversity
At Mazars inclusion and diversity are central to our values. We recognise that being an inclusive and diverse organisation makes us stronger as a business.
Meet the recruiter
James Hardcastle
+44 7790 886857