Senior Group Manager, Technology Risk Management

Prudential’s purpose is to be partners for every life and protectors for every future. Our purpose encourages everything we do by creating a culture in which diversity is celebrated and inclusion assured, for our people, customers, and partners. We provide a platform for our people to do their best work and make an impact to the business, and we support our people’s career ambitions. We pledge to make Prudential a place where you can Connect, Grow, and Succeed.

As part a Global Technology Risk Management community, the role will support the LBU and Group by:

• Assuring Risk Oversight: Provide assurance and oversight on information and technology risks that may impact the LBU’s ability to achieve its business objectives.
• Risk Analysis and Recommendations: Offer objective analysis and detailed recommendations to LBU management regarding key information and technology risk areas, ensuring appropriate risk mitigation.
• Ensuring Risk Mitigation Effectiveness: Oversee the effectiveness of processes, tools, and technologies within the LBU, ensuring they are adequately mitigating risks to information and technology assets.
• Compliance Monitoring for Technology related regulations and guidelines: Collaborate with the Compliance and relevant Group functions to monitor compliance with technology related regulatory requirements, Group standards, and LBU-specific policies related to information security, technology, and data protection.
• Collaborative Risk Management: Partner with LBU operational teams to support the effective management of risks to information and technology assets.
• Independent Assurance: Provide independent assurance that information and technology risks are being managed within the risk appetite established by the Board.
• Framework Implementation Support: Collaborate closely with the Group Technology Risk Management team to ensure the successful rollout and implementation of risk frameworks, policies, and processes within the LBU.

• Develop and Implement TRM Framework: Lead the formation and successful rollout of the LBU Technology Risk Management (TRM) framework, ensuring alignment with local and regional requirements.
• Provide Expertise and Guidance: Offer technical and best practice guidance on information and technology risk, taking into account platform-specific and regional complexities.
• Risk Appetite and Key Metrics: Establish and roll out the information and technology risk appetite and key risk metrics for effective management oversight.
• Risk Register Monitoring: Proactively monitor the LBU risk register and escalate any potential risk areas for Group-level reporting, ensuring risks are appropriately rated and mitigated.
• Collaborate with Operational Risk: Work closely with the LBU Operational Risk Management (ORM) team to manage information and technology risks, ensuring alignment in risk treatment and reporting.
• Risk Culture: Promote a strong risk management culture across LBU stakeholders, focusing on managing information and technology risks effectively.
• Support Periodic Risk Reporting: Assist the LBU CRO in ensuring timely and accurate reporting of information and technology risk matters to the LBU risk committee.

Qualifications

• Education: A technology-related degree (Information Technology, Computer Science or equivalent)

• Certifications: Candidates should hold relevant certifications in areas such as Technology Risk Management, Technology Audit, IT Management, Cybersecurity, Cloud, Software Engineering, or Project Management. Examples include:

• Risk Management: CRISC (Certified in Risk and Information Systems Control)

• Audit: CISA (Certified Information Systems Auditor)

• IT Service Management: ITIL Foundation, PRINCE2, PMP

• Cloud/Network: Microsoft Certified Azure Solutions Architect Expert, (ISC)² CCSK, CompTIA Cloud Essentials

• IT/Information Security: CISSP, CISM, CompTIA Security+

• Software Development: DevOps Engineer Professional, Google DevOps Engineer, Microsoft Certified Solutions Developer

• Preferred Industry Background (in order of priority):

• Financial Services (e.g., Banking, Insurance) Consulting Firms (e.g., Big 4, Accenture) – Technology Advisory, Technology Risk Management, Internal IT Audit Services Technology Companies (e.g., Digital Fintech, Digital Banks)

Technical Experience

Candidates should demonstrate experience in identifying, managing, and reporting risks and controls in at least three or more of the following areas:

• IT Infrastructure Management: Networks, platforms (e.g., IBM, Unix, Windows), middleware, and databases.

• IT Operations: Data center management, backup, batch processing, incident and problem management.

• Application and Interface Security: Ensuring secure development practices.

• Application Development and Change Management (SDLC): Experience with the full software development lifecycle.

• IT Project Management/Delivery: Overseeing projects from initiation to completion in any specific risk / technology capacity.

• Third-Party Risk Management: Managing vendor risks effectively.

• IT Service Management: Familiarity with frameworks such as ITIL.

• Identity and Access Management (IAM): Experience with tools like SailPoint, CyberArk.

• Cybersecurity: Familiarity with frameworks like NIST, and experience with security tools and operations.

Additional Advantageous Experience:

Candidates with any risk management / auditing experience in any of the following areas will have an added advantage:

• Cloud Technologies: Experience with PaaS, IaaS, and SaaS.

• DevOps / DevSecOps: Familiarity with continuous integration and deployment processes.

• API Management: Managing API security and integration.

• Robotic Process Automation (RPA): Experience with automation tools and frameworks.

• Artificial Intelligence (AI): Familiarity with AI technologies and related risks.

• Data Governance: Managing and securing data assets.

• Agile Development: Experience with Agile methodologies.

• Mobile Device and Application Management: Securing and managing mobile technologies, including containerization.

Desirable Traits

The following traits will be an added advantage:

• Subject Matter Expert (SME): Recognized as an expert in their functional area and sought after for advice or consultation.

• Impactful Initiative Delivery: Proven track record of delivering impactful projects (e.g., automating manual processes, creating dashboards for risk identification).

• Coding/Analytics Background: Experience with tools such as Python, SQL, or similar analytics technologies.

• Industry Network: Strong industry connections to stay informed on developments in the fast-moving IT and risk landscape.

 

Prudential is an equal opportunity employer. We provide equality of opportunity of benefits for all who apply and who perform work for our organisation irrespective of sex, race, age, ethnic origin, educational, social and cultural background, marital status, pregnancy and maternity, religion or belief, disability or part-time / fixed-term work, or any other status protected by applicable law. We encourage the same standards from our recruitment and third-party suppliers taking into account the context of grade, job and location. We also allow for reasonable adjustments to support people with individual physical or mental health requirements.