Search

IT Risk & Compliance Manager

companyBrown and Brown Insurance
locationLondon, UK
PublishedPublished: Published 2 weeks ago
Enterprise Risk
You are applying for a job at:
Brown & Brown (Europe)

We are part of Brown & Brown Insurance group.

Built on meritocracy, our unique company culture rewards self-starters and those who are committed to doing what is best for our customers.

IT Risk & Compliance Manager

Location: Hybrid - London

Package: Negotiable + Benefits

We are seeking an experienced leader to join our growing organisation as the IT Risk and Compliance Manager. In this high profile role, you will be responsible for evolving, implementing, and maintaining a robust IT risk management and compliance framework that aligns with our business objectives and regulatory requirements. You will collaborate with various departments to ensure that our IT systems, processes, and data are secure, compliant, and resilient.

You will be responsible for implementing the Technology IT risk and compliance framework and maintaining the operational risk framework across all functions at Brown and Brown Europe. The role also involves being a key part of the Technology Solutions leadership team in Europe, working alongside US counterparts.

The day to day:

  • Develop and execute the IT risk and compliance strategy in alignment with the organisation's overall risk management framework.
  • Provide expert guidance and leadership on IT risk management, cybersecurity, data protection, and regulatory compliance matters.
  • Collaborate with senior leadership to integrate IT risk management into the broader business strategy.
  • Identify, assess, and prioritise IT risks, including cybersecurity threats, data breaches, and technology-related operational risks.
  • Develop and implement risk mitigation strategies and controls
  • Monitor and report on the effectiveness of risk management processes and controls.
  • Ensure the organisation's IT operations comply with relevant laws, regulations, industry standards, and internal policies.
  • Lead the development and implementation of IT compliance programs, including data privacy, cybersecurity, and IT governance.
  • Support and conduct regular compliance audits, assessments, and reviews to identify areas of non-compliance and drive corrective actions.
  • Mentor, and develop a high-performing team of IT risk and compliance professionals.
  • Foster a culture of continuous improvement, collaboration, and accountability within the team.
  • Work closely with cross-functional teams, including Legal, Finance, and Operations, to ensure a coordinated approach to IT risk and compliance.
  • Serve as the primary point of contact for internal and external audits related to IT risk and compliance.
  • Communicate effectively with senior leadership and the Board on IT risk and compliance issues, initiatives, and outcomes.
  • Oversee the incident response process for IT-related incidents, including cybersecurity breaches and data loss events.
  • Lead post-incident reviews to identify root causes and implement preventive measures.
About you:
  • Bachelor's degree in Information Technology, Computer Science, Information Security, or a related field. A Master's degree or relevant certifications (e.g., CISA, CRISC, CISSP) is highly desirable.
  • Extensive years of experience in IT risk management, compliance, or information security,
  • Proven ability to lead and mentor teams, with a track record of driving successful risk and compliance initiatives.
  • Strategic thinking with the ability to navigate complex, dynamic environments.
  • In-depth knowledge of IT risk management frameworks, cybersecurity best practices, and regulatory compliance requirements (e.g., GDPR, ISO 27001, NIST).
  • Strong understanding of enterprise IT systems, cloud computing, and emerging technologies.
  • Strong experience with SOX / IT Internal Controls audit, implementation and design improvement
  • Strong knowledge of IT auditing concepts and principles alongside understanding of IT General Controls, and ideally IT Automated Controls and IT-Dependent Controls.
  • SME level expertise in respect to information security (at least two domains of expertise) risk management processes, frameworks and regulatory aspects.
Advantageous
  • Insurance Industry experience, financial services industry experience
  • Agile delivery qualifications (eg SAFe)
The rewards:
  • A negotiable basic salary and all the normal benefits you'd expect (Holiday, company pension etc.)
  • A collaborative, open and honest environment that is designed to deliver the best outcomes to our clients and staff
  • A flexible working methodology to enable you to be where you need to be, if you don't need to be in an office then don't, if you want to be in an office your welcome to use one.
  • An environment built around supporting and developing our staff with funding available for relevant professional qualifications.
We are an Equal Opportunity Employer. We take pride in the diversity of our team and seek diversity in our applicants.