Job Overview
My client is a leading Asset Manager based in the city. They are currently searching for an Investment Risk Manager reporting into the Head of Information Risk to join their growing team.

The Information Risk team forms a 2nd Line of Defence function, with primary responsibility to operate the Information Security Management System and oversee information security across the firm. The Information Security Management System is certified compliant with ISO27001. As such, risk and policy management is a core part of the cycle of planning and assessment, under the governance structure.

Role Profile

The purpose of the role is to operate the risk and policy management function within the Information Risk team. This comprises:

- Ownership and maintenance of the information risk profiles within the company-wide RCSA
- Management and operation of the ISMS risk management cycle and risk structure
- Assessment of information risks, with support where necessary from the Head of Information Risk
- Maintenance and distribution of complete, current, compliant and coherent policy and standard sets
- Management and operation of the ISMS policy exception management cycle

In addition to the core responsibilities, you will participate in the broader functions of the team, including:

- Approvals for high-sensitivity access and privilege
- Response to customer and prospect diligence enquiries
- Response to colleagues and assistance with training and awareness programmes
- Support and evidence for audits
- Identification and selection of tools and systems for efficient operation of the Information Risk function

Knowledge & Skills Desired

The role primarily addresses risk management rather than information technology controls; however, exposure to IT and cyber risk management is likely to be very valuable.

- Experience of the cycle of risk assessment, treatment and review is important.
- The role depends on familiarity with policy as a tool and a control, and it will benefit from experience building relationships with users and stakeholders to develop and maintain policy and standards.
- The role does not have direct responsibility for ISO27001 compliance, but the standard does set the context, so some familiarity would be useful.
- Some understanding of investment management business and regulators would be beneficial but is not essential.
- We would expect to see analytical and organisational skills with the ability to work independently, and as part of a wider team, with minimal supervision. The role requires an analytical thinker with good written and spoken communication skills.
- Experience of Corporate Risk
- Understanding of Information Risk (including Information Technology Risk)
- Able to work autonomously
- Able to engage with senior stakeholders across the various divisions of our business (strong communication skills and a degree of gravitas)

Key Requirements
- Investment Risk
- Risk Management