IT GRC and Resilience Manager
This job is brought to you by Jobs/Redefined, the UK's leading over-50s age inclusive jobs board.
About Ashurst
Ashurst is a leading progressive global law firm with a rich history spanning more than 200 years. We are proud of our history and are future-focused, having expanded into new technologies through our NewLaw division, Ashurst Advance, and our consulting arm. Our in-depth understanding of our clients and commitment to providing excellent standards of service have seen us become a trusted adviser to local and global corporates, financial institutions and governments in all areas of commercial law. To find out more please visit www.ashurst.com.
Department/Role overview
The IT GRC and Resilience Manager will be responsible for the strategy and programme delivery to drive an improved risk management culture across IT. This will include the implementation of an IT policy framework, risk management methodology/processes/tools and standardised governance methods.
This role will also act as an advisor on risk posture and control effectiveness across IT and support the firm's clients in understanding our risk and control effectiveness.
Main responsibilities
This role is responsible for the following key areas in the Global Information Technology function of Ashurst:
Technology Risk Management
- Define and implement a technology risk policy and framework that aligns to the business and IT risk appetite.
- Own and manage an IT Risk Register with appropriate governance processes aligned to firm wide risk management.
- Implement a 1st line of defence assessment programme to determine control effectiveness.
- Provide oversight and tracking of open risk remediation, including external client audit findings.
- Implement processes and technology solutions to improve management of risk across the firm.
- Ensure Technology risk is aligned to the Ashurst enterprise and operational risk framework.
Technology Governance Framework
- Implement, maintain and continually refine a governance framework across Global IT.
- Manage and monitor all IT policies ensuring that they have ownership, are updated/reviewed regularly and clearly communicated.
- Monitor, measure and report across the information technology risk and control landscape.
- Identify any trends that may require further action e.g. improved change control, further PMO controls etc.
- Implement standard documentation/processes and drive their adoption across Global IT.
- Support process owners to prepare procedures to underpin the approved policies.
Client Audit Relationship Management
- The IT relationship manager for client information technology requirements, including audit, contract renewal and new technology implementation.
- Act as a trusted advisor on information technology risk related activities, processes, policies and procedures across the firm and its client base.
- Ensure that information technology risk advice is aligned with business and client needs and requirements.
IT Resilience
- Maintain the Disaster Recovery Strategy/Programme for Ashurst globally in order to ensure that all business IT applications are protected in the event of disruption and that business continuity is protected.
- Manage and continuously improve the disaster recovery governance framework, aligned to the organisation's risk management framework, including standardising documentation, streamlining processes and managing exceptions.
- Maintain an annual testing schedule with up-to-date information, including but not limited to Recovery Time Objectives (RTO), Recovery Point Objectives (RPO) and tracking of gaps/issues.
- Oversight of all back-up and recovery procedures to ensure they are fit for purpose.
- Work with the Business Continuity team to review and maintain Business Impact Analysis (BIA) documentation, ensuring this provides clear guidance on disaster recovery processes and attainability.
- Implement and maintain regular management reporting on the current state of Disaster Recovery provision across the organisation, benchmarking recovery performance against critical service levels and KPIs, and identifying service exceptions and areas for improvement/development.
- Improve awareness of disaster recovery across the organisation, including improved training and education for business and technology stakeholders.
- Act as the single point of contact for all client, audit and internal stakeholder requests for Disaster Recovery, including the provision of evidence.
- Provide subject matter expertise in disaster recovery to projects and changes implemented in the organisation, including establishing governance around the addition of new applications/services.
Information Security & Programme Management
- Liaise and work closely with the Information Security Group and the Information Security Team across the firm.
- Manage the delivery of global programmes as assigned.
- Other tasks as assigned.
- Risk and Control: Ensure that all activities and duties are carried out in full compliance with our regulatory requirements and internal policies.
Essential skills and experience
- Thorough understanding and demonstrated experience of Information Technology risk, resilience and information security.
- Industry certified such as CISSP, CISM and/or CRISC.
- General understanding of COBIT.
- Ability to work with and across all support functions in the firm.
- Excellent analytical skills.
- Excellent written and communication skills.
- Good networking skills.
- Client focused - able to listen to, understand and respond to client requirements.
- Able to operate within a project brief.
- Awareness/exposure to different software development life cycles and methods.
- Produce high level solutions/approaches, requiring systems analysis and design skills.
- High level of familiarity with MS Office as a production tool.
- Liaise with colleagues in Risk and Compliance and management generally to assist with research and evaluation of software solutions from 3rd party suppliers and production of necessary deliverables such as tender documents, liaising with suppliers.
- Able to manage small projects from inception to delivery.
- Full project lifecycle experience.
- Detail oriented with an ability to work accurately and efficiently even when under pressure.
- Uses initiative - 'can do' approach - ability to complete set tasks with minimal supervision.
- Tactful and diplomatic when in pressured situations.
Desired skills and experience
- Working within a structured project framework.
- Knowledge of legal sector and current risks.
- Familiar with ITIL, PRINCE2, Agile, ISO 2700 suite.
Background checks
In order to comply with regulatory and client requirements, Ashurst will undertake appropriate vetting of staff. When applicants accept a job offer, Ashurst, alongside a specialist provider, will undertake professional verification and background checks. These checks are only undertaken with consent, and in accordance with our legal and regulatory obligations.