Head of Governance and Information Technology (Belgium)
At RSA our purpose is to help people, businesses, and society prosper in good times and be resilient in bad times.
We have offices in Luxembourg, France, Spain, Belgium and the Netherlands, where we’ve embraced hybrid working and empower our 250 plus people to work flexibly in their country of employment to suit their needs and those of our customers. Our customers benefit from the diverse perspectives of our teams that serve them, solving complex problems with creative ideas.
As a proud member of the Intact family, we’re part of something bigger with a presence in North America, the UK, and Europe. We aim to build a specialty solutions leader by capitalizing on a vast market opportunity, while maintaining a sub-90 operating combined ratio.
We want you to succeed with us and grow with us – and we’ll give you the tools, flexibility and learning opportunities you need to do it.
Job Description
The Head of Governance and Information Technology RSAL will have the following main areas of oversight and control:
* 95% of RSAL’s Technology is supplied by RSA UK and governance of this is via a Managed Service Agreement (MSA) between RSAL and RSA UK overseen and managed by the Head of Governance and IT RSAL.
* Risk identification and impact assessment across all aspects of Information Technology for RSAL.
* Tracking and reporting key risks and their treatment to RSAL Senior Management.
* Where relevant supporting groupwide control validation and IT general controls (including Canadian NI 52-109 ITGC compliance) as part of Technology Risk Management.
* Tracking and horizon scanning of relevant regulatory requirements across the geographies in which RSAL operates, as they apply and are relevant to the IT estate supporting RSAL.
* Owning and managing the RSAL locally owned systems, applications and tools.
* Controlling and managing the local IT infrastructure, e.g. laptops, desk equipment and printers.
* Owning and managing compliance and creation of Group and locally owned relevant policies.
Key Responsibilities:
* Ensure the UK CIO through the MSA meets its obligations under that agreement.
* Lead the technology risk management frameworks, methodologies and control validation activities with a focus on business and customer impacts as they are relevant to RSAL.
* Be a subject matter expert in risk management for Technology, Cyber and Third-Party risk within RSAL.
* Leading role in ensuring compliance with DORA’s 4 main components: operational resilience, incident reporting, risk management and third-party risk monitoring, including notifying the relevant authorities, e.g. the Luxembourg regulator (CAA), in the event of an IT security incident.
* Oversee and be able to effectively challenge risks relating to technology to influence senior management decision-making.
* Develop and maintain the annual risk and control monitoring plan for RSAL, ensuring its effective execution and completion, reviewing annually the appropriateness and effectiveness of each key indicator in helping manage the risk profile for RSAL.
* Reporting to key RSAL governance bodies on IT risk related matters.
* Lead in-depth risk assessments and control validation activities. This includes assessment for Canadian NI 52-109 ITGC compliance.
* Monitor IT service level, capacity, availability, continuity, to achieve business requirements within acceptable limits.
* Identification of the most appropriate IT solutions and suppliers.
* Working with senior internal IT representatives in the UK to review and address performance issues in RSAL branches (relationship with Wipro, Vodafone and UK).
* Coordination and control of the computer devices in RSAL.
* Access Database: create new enquiries, make security backup copies, and look into the possibility of upgrading the application.
* Ensure proper communications to all the users of any issue connected to General services or IT.
Skills and Experience:
* Advanced experience and background in technology risk, with approximately 10 years of experience in a complex organisation or IT assurance/consultancy.
* A subject matter expert in risk management and IT controls within CIO, with experience in control frameworks, IT regulatory compliance (e.g. SOX/Canadian NI 52-109), and a sound understanding of the regulatory environment within the geographies RSAL operates within (Luxembourg, Spain, Netherlands, France), which impacts on the governance and delivery of the IT environment, including EU-wide regulations, e.g. DORA.
* Able to lead/manage control validation review by an external supplier (RSA UK) to deliver against control validation plans including 52-109 reviews.
* Being able to effectively manage and influence, on a larger scale, our strategy and approach for risk management in conjunction with broader IT risk stakeholders at RSAL.
* Work closely with the risk team, Internal Audit and external auditors and able to highlight and challenge issues and exposure in their area to help drive focus/remediation in the right areas.
* Have a recognised Technology and/or Risk certification (e.g. CISA, COBIT5, CRISC).
* Strong communication and influencing skills.
* Understanding of Third Party Risk Management in relation to IT suppliers.
* Used to working with decentralized teams (IS).
* Knowledge and skills in computing, software and new technologies.
Seniority level: Director
Employment type: Full-time
Job function: Information Technology
Industries: Insurance