Manager – First Line GRC

Fenchurch Avenue, United Kingdom

M&G plc

M&G plc is an international leader in savings and investments with more than five million customers


At M&G our purpose is to give everyone real confidence to put their money to work. As an international savings and investments business with roots stretching back more than 170 years, we offer a range of financial products and services through Asset Management, Life and Wealth. All three operating segments work together to deliver attractive financial outcomes for our clients, and superior shareholder returns.

Through our behaviours of telling it like it is, owning it now, and moving it forward together with care and integrity, we are creating an exceptional place to work for exceptional talent.

We will consider flexible working arrangements for any of our roles and also offer workplace accommodations to ensure you have what you need to effectively deliver in your role.

The First Line Governance, Risk and Compliance function provides oversight of policy, standards, risks and controls. The function drives a better understanding of First Line risks and will support, advise and facilitate the leadership team in actively managing risk by making decisions regarding the need for remedial actions and/or risk acceptances, taking into account:

  • The current First Line GRC risk profile and control environment;
  • The relative scale of exposure and their likelihood of eventuating; and
  • The cost and effort of remediating those exposures.

Ensure the First Line GRC control framework remains in line with external requirements, proactively identify areas for improvement in the control environment, and own the IT Risk reporting internally and externally.

The role of the External Audit Controls Assurance and Testing Manager is to test external audit controls and drive audit quality assurance activities by providing general audit support. This includes, but is not limited to, understanding the external audit requirements and external and internal emerging risk, and working closely with other leads in the First Line GRC function and wider M&G to support those requirements. This will include overall assessment of the implementation of controls and supporting control owners to define corrective actions when gaps are identified. The role will support the technology controls testing and AAF quality assurance initiatives that support the external audit, as well as general issue assurance.

Primary Key Responsibilities (Top 3-5 KRA)

  • Leading external audit quality assurance control testing across the Technology functions for the Financial Statement and AAF audits.  
  • Supporting the Issue Assurance initiatives and validation of MetricStream Issues

Additional Responsibilities:

  • Deliver the service with support of resources provided by a third party.
  • Build strong professional relationships with key stakeholders and senior leaders across Technology to capture appropriate risk metric data. 
  • Actively identify new approaches that enhance efficiency and the business impact of the IT risk landscapes.

Key Stakeholder Management

Internal

  • Business areas and their relevant management teams
  • Enterprise Technology
  • Enterprise Security & Privacy
  • Risk and Internal Audit

External

  • External Audit

Knowledge, Skills, Experience & Educational Qualification

Knowledge:

  • Expert level knowledge and understanding of the business, their processes and ambition are essential. 
  • Detailed knowledge and practical experience with IT risk management practices and frameworks (COBIT, ISF SoGP, NIST, ISO 27001) 
  • Working knowledge of collaboration tools and new technologies with the ability to champion team learning and coach business colleagues when required. 
  • Essential knowledge of three lines of defence practice 
  • Working knowledge of Financial Services, Technology industries and regulatory requirements in relation to IT risk, outsourcing and vendor management. 
  • Experience of third-party relationships and the Information Technology and security risks created
  • Certifications like CGEIT/CRISC would be advantageous

Skills:

  • Ability to translate technical and risk requirements and specifications into easily understood business concepts and vice versa.
  • Able to determine risk profiles and to be accountable for these judgements and for the business activities undertaken to address them.
  • Ability to build relationships at all levels in the business.
  • Good organisational and system automation skills.
  • Ability to drive activities in collaboration with colleagues in other areas.
  • Excellent communication and stakeholder management skills 
  • Remain effective in situations when responsibilities, tasks, priorities and / or work environment change significantly.
  • Commercial awareness across IT marketplace incl. offshore marketplace and supplier knowledge.

Experience:

  • 8+ years' experience in Technology and/or security risk management.
  • Proven experience of creating simple but concise and impactful updates/visual presentations from complex data for key stakeholders during times of increased pressure.
  • Demonstrable experience of working within the three lines of defence model and with senior business and IT stakeholders (Managing Directors, Directors, Chief Information Officer, Chief Information Security Officer, Chief Operating Officer).

Educational Qualification:

  • Graduate in any discipline

We have a diverse workforce and an inclusive culture at M&G plc, underpinned by our policies and our employee-led networks who provide networking opportunities, advice and support for the diverse communities our colleagues represent. Regardless of gender, ethnicity, age, sexual orientation, nationality, disability or long term condition, we are looking to attract, promote and retain exceptional people. We also welcome those who take part in military service and those returning from career breaks.

M&G is also proud to be a Disability Confident Leader, and we welcome applications from candidates with long-term health conditions, disabilities, or neuro-divergent conditions. Being a Disability Confident Leader means that candidates who meet the minimum criteria of a job will be offered an interview if they 'opt in' to the scheme when applying.

If you need assistance or an alternative means of applying for a role due to a disability or additional need, please let us know by contacting us at: careers@mandg.com


Tags: Audits Automation CISO COBIT Compliance CRISC Governance ISO 27001 NIST Privacy Risk management Vendor management

Perks/benefits: Flex hours

Region: Europe
Country: United Kingdom
