Head of Technology Risk Management

Job Title: Head of Technology Risk Management

Department: Risk Management Team

Reports to: SVP, Enterprise Risk Management Director

Location: Hybrid (on-site 4 days; 1 day remote each week) at our Studio Park Corporate HQ in Grand Rapids, MI or Chicago, IL office

About Acrisure

Acrisure is a global Fintech leader that combines the best of humans and high tech to offer multiple financial products and services to millions of businesses and individual clients. We connect clients to solutions that help them protect and grow what matters, including Insurance, Reinsurance, Cyber Services, Mortgage Origination and more.

Acrisure employs over 17,000 entrepreneurial colleagues in 21 countries and have grown from $38 million to $4.3 billion in revenue in just over ten years. Our culture is defined by our entrepreneurial spirit and all that comes with it: innovation, client centricity and an indomitable will to win.

Do you have a positive attitude? Are you organized and detail-oriented? Do you take personal responsibility for your work and career, and work well in a team? If you’re ready to work for a company that recognizes excellence and promotes from within, then look no further than Acrisure.

We are currently looking to add our team with an exciting opportunity as the Head of Technology Risk Management.  This position reports directly to the SVP, Enterprise Risk Management DIrector and requires both strategic and tactical problem resolution skills. 

Essential Duties and Responsibilities:

• Design and implement a best-in-class technology risk framework, including embedding of the risk and control self-assessment process, risk incident and issues management, digital operational resilience practices, product governance, and more.

• Partnering with ‘first line’ teams - primarily the CTO organization to provide risk support in the assessment of systems and infrastructure risk and security risk, including in the development of new products and features by embedding good risk practices and finding solutions to problems, identifying risks and recommending controls.

• Playing a key role in the management of technology and security related risk incidents and issues that occur 

• Supporting the development and implementation of technology risk policies, procedures, key risk indicators, key performance indicators and appetite statements

• Conducting in-depth reviews of different areas of the business, their adoption and implementation of technology, and reporting on risk matters to oversight committees, internal stakeholders and external stakeholders

• Reviewing and assessing changes to Acrisure’s technology platform and products that affect our company risk profile

• Oversee, drive and lead the Data Governance Framework. Establish and enforce data governance policies and procedures.

• Analyze the design of controls around the underlying system architecture in the context of information technology controls such as security, availability and performance and their impact on business-aligned technology groups.

• Analyze the business and technology processes to evaluate the effectiveness of the relevant technology controls.

• Promote development of educational guidance & resources for use by Technology Risk & Controls and Technology personnel

• Ensure quality standards are achieved in development and maintenance of program documentation.

• Conduct regular risk assessments and ensure compliance with industry standards.

• Collaborate with legal and compliance teams to address regulatory requirements.

• Act as a liaison with regulatory bodies, auditors, and other external stakeholders regarding risk management practices and compliance matters.

Competencies:                                                       

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Education and/or Experience:

• Working knowledge of commercial insurance, preferred

• Minimum of 15 years of experience

• Bachelor's or advanced degree in a relevant field (e.g., Information Security, Risk Management, Business Administration).

• Technology Risk professional with in-depth knowledge of IT risk, Cybersecurity, Network risk, operational risk, 3rd party risk and other risks.

• Proven experience in technology platforms and products used by financial services organizations as well as digital and technology risk and control assessments.

• Strong knowledge of relevant regulations and industry standards.

• Excellent leadership and team management skills.

• Effective communication and interpersonal skills.

Technology Skills:

• Proficiency in Microsoft Office applications (Word, Excel, PowerPoint, Outlook)

• Experience working with Workday, Monday.com preferred

• GRC implementation experience

Other Qualifications:

• Ability to contribute to a collaborative environment by consistently demonstrating teamwork, high motivation, positive behavior, and effort to achieve goals and objectives

• Self-motivated and driven

• Maintain a sense of urgency and ability to work with and meet deadlines

• Demonstrates excellent time management and organization skills

• Attention to detail and commitment to a high level of accuracy

• The ability to multi-task, prioritize, work independently, and use discretion surrounding sensitive information

• Ability to maintain a professional demeanor and positive attitude

• Demonstrated success in designing and implementing corporate-wide risk management systems and reporting for complex, multi-faceted organizations

• Excellent verbal and written communication skills including the ability to interact effectively with all levels of management

• Identify, assess, and prioritize technology risks affecting the organization and provide key technology risk insights

• Report and advise on technology risk related matters to internal and external stakeholders.

• Oversee, drive and lead the Data Governance Framework. Establish and enforce data governance policies and procedures.

• Analyze the design of controls around the underlying system architecture in the context of information technology controls such as security, availability and performance and their impact on business-aligned technology groups.

• Analyze the business and technology processes to evaluate the effectiveness of the relevant technology controls.

• Promote development of educational guidance & resources for use by Technology Risk & Controls and Technology personnel

• Ensure quality standards are achieved in development and maintenance of program documentation.

• Conduct regular risk assessments and ensure compliance with industry standards.

• Collaborate with legal and compliance teams to address regulatory requirements.

Physical Demands: The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

• High finger dexterity while typing documents and forms

• Occasionally lift up to 20 lbs.

Work Environment:  The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job, and reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

• Work is done in a temperature-controlled, non-smoking office. 

• Work stations are cubicles with moderately high sides.

• The noise level in the work environment is usually moderate.

Benefits & Perks:

• Competitive Compensation

• Industry Leading Healthcare

• Savings and Investments

• Charitable Giving Programs

• Offering hybrid work option           

• Opportunities for Growth

• Parental Leave

• Generous time away

Acrisure is committed to making an impact in our communities by giving back, with millions committed to children’s health with Helen Devos Children’s Hospital and UPMC Children's Hospital of Pittsburgh.

For more, visit www.Acrisure.com  or learn more here.

#LI-MV1

#LI-Hybrid

Acrisure is committed to employing a diverse workforce. All applicants will be considered for employment without attention to race, color, religion, age, sex, sexual orientation, gender identity, national origin, veteran, or disability status.  California residents can learn more about our privacy practices for applicants by visiting the Acrisure California Applicant Privacy Policy available at www.Acrisure.com/privacy/caapplicant.
 

To Executive Search Firms & Staffing Agencies: Acrisure does not accept unsolicited resumes from any agencies that have not signed a mutual service agreement. All unsolicited resumes will be considered Acrisure’s property, and Acrisure will not be obligated to pay a referral fee. This includes resumes submitted directly to Hiring Managers without contacting Acrisure’s Human Resources Talent Department.