Role: IT Risk Manager
Location: London
Contract Type: Permanent
Work Pattern: Full Time and Hybrid
About The Job
Reporting to the Head of IT, the IT Risk Manager is responsible for owning and managing the first line IT & Technology and Cyber risk framework, working closely with accountable risk owners to ensure risks are identified, assessed, controlled, reported and aligned to risk appetite. The role ensures compliance with regulatory expectations (e.g. Lloyd’s, FCA/PRA where applicable), strengthens operational resilience, and supports secure delivery of systems underpinning business operations.
Key Responsibilities
IT & Technology Risk Management
Own and maintain the IT & Technology risk framework (aligning with the second line risk function and the broader enterprise risk framework), working closely with accountable risk owners to support risk identification, assessment, mitigation, and reporting.
Work with key stakeholders to identify inherent and residual risks, control gaps, and emerging risks. Ensure all identified and emerging risks are captured (where appropriate through the risk event process) and tracked to completion within the enterprise risk management tool, Decision Focus, and managed through the lifecycle to closure.
Perform technology risk assessments on core systems, cloud services, third-party platforms, and new initiatives, providing recommendations backed with supporting rationale on proposed risk response (e.g. treat, tolerate, transfer or terminate).
Working with the Head of IT, and risk owners, challenge and advise the business on control design and effectiveness across infrastructure, applications, data, and cyber security, ensuring the controls scope and definitions are fit for purpose. Oversee the timely completion of the control attestation process for relevant controls, working closely with relevant risk / control owners, for all controls owned or operated within the IT & cyber domain.
Working with the Head of IT and second line of defence, define the target risk appetite and tolerances for IT & Technology and Cyber and review / reset periodically to reflect changing business requirements, striking an optimal balance between risk and reward.
Develop and promote a risk aware / risk positive culture.
Support the Head of IT with the development and introduction of a Technology Service Ownership framework, backed by an attestation process to drive accountability and focus for managing the operational resilience of services.
Work with relevant stakeholders to develop and deploy formal business processes and associated controls to ensure that MS Amlin has informed decision making capability when it comes to management of the currency of the Technology estate.
Support the development and maturing of the IT Risk forum using dashboard driven metrics to derive new and emerging risks / issues.
Work with the Operational Resilience team to support scenario analysis and stress testing where required.
Cyber & Information Security Risk
Partner with the Business Information Security Officer (BISO) to assess and monitor cyber risks, vulnerabilities, and threat exposure.
Support cyber incident preparedness, tabletop exercises, and post-incident reviews.
Challenge and advise on key cyber controls (e.g. access management, patching, logging, data protection) to ensure risks are being approached consistently.
Third-Party & Outsourcing Risk
Input and advise on IT risks for third-party suppliers, coverholders, MGAs, and outsourcing partners.
Support onboarding, due diligence, and ongoing assurance of material service providers.
Ensure compliance with outsourcing and operational resilience requirements.
Governance, Risk & Compliance
Ensure alignment with internal policies and regulatory expectations.
Prepare risk reports, KRIs, and dashboards for senior management, committees, and boards.
Support internal audits, external reviews, and regulatory interactions related to IT risk.
Change & Project Risk
Provide risk input to technology change initiatives, system implementations, and transformations.
Challenge project teams to ensure technology risks are identified early and appropriately mitigated.
Key Stakeholders
IT, Technology, Data, Change and Operational Resilience teams
Information Security / Cyber
Alignment with risk management within the Data function for AI/Data/Robotic risk
Risk & Compliance functions
Underwriting, Claims, and Operations
Third-party suppliers and service providers
Senior Management and Board committees
Internal and External Audit
Skills & Experience
Essential
Experience in IT risk, technology risk, or cyber risk within insurance or financial services
Strong understanding of GRC frameworks (e.g. COBIT, ISO 27001, NIST)
Knowledge of regulatory expectations relevant to insurers / syndicates
Ability to translate technical risk into clear business impact
Strong stakeholder management and written reporting skills
Ability to collaborate well with interfacing functions
Desirable
Experience in syndicate, specialty, or Lloyd’s market environments
Familiarity with cloud, data, and third-party risk
Professional certifications (e.g. CRISC, CISM, CISSP)
Experience of risk management in change projects
Key Attributes
Pragmatic risk mindset (not overly theoretical)
Confident challenger with a collaborative approach
Detail-oriented with strong judgement
Comfortable operating across both technical and business audiences
Continuous improvement and solution driven mindset
We are stronger together because of our common interests and rich differences. You may be the strength we didn’t know we needed. Believe in yourself, and click apply today!
What Can You Expect From Us?
As well as a competitive base salary and performance related discretionary bonus, here is a link to our employee benefits - Benefits of working at MS Amlin | MS Amlin
Hybrid Working
At MS Amlin we operate a hybrid working model to empower our people with flexibility to blend where they work. We value collaboration and believe that we work better together; our teams typically do 3 days a week in the office.
About MS Amlin
MS Amlin is a leading (re)insurer and part of the global MS&AD Group, with operations across Lloyd’s of London, the Middle East, and Asia Pacific. With over 120 years of experience, we support businesses facing complex and demanding risks, providing continuity in an uncertain world. Our expertise covers Property, Casualty, Marine, Crisis Management, Natural Resources and Reinsurance, backed by strong underwriting capabilities and deep sector knowledge. At the core of our claims service is TRUST - Transparency, Responsiveness, Understanding, Solution-driven thinking, and Technical expertise. This defines how we manage claims and build lasting relationships.
DE&I at MS Amlin
We will build a workplace where all talent is welcomed, and everyone has the opportunity to influence how the business works. We have dedicated employee resource groups that support our Diversity, Equity, and Inclusion (DE&I) goals.
MS Amlin is proud to be one of the founding partners of Lloyd’s Inclusive Futures programme which aims to get more Black and ethnically diverse people into the insurance industry - supporting them all the way from the classroom to the boardroom. Visit this link (Inclusive Futures Impact Report) to find out more about the programme and its aims and achievements so far.