The opportunity:
The IT GRC team acts as a Line 1 Risk Defence team, supporting IT service owners and IT leadership around the world. The IT GRC team also routinely interacts with Enterprise Risk Management, Internal Audit, and Global Security.
This position will be responsible for helping to advance the IT GRC framework and procedures to assist IT in maintaining an effective control environment, and to continue to build a risk-minded culture. The evidence of this will be measurable results showing improvement in the overall quality of operational effectiveness through repeatable and measurable processes, and improved IT staff awareness and expertise of their risk and control environment.
What you’ll be doing:
Risk Assessment and Management
Perform risk assessments according to the IT GRC plan and procedures. This requires being willing to ask provocative questions and use analytical skill to analyse potential residual risk
Provide project risk guidance to ensure projects have considered applicable risks. Assist project and support teams in identifying, implementing, and documenting internal controls to support new services as part of go-live readiness
Implement ad-hoc risk analysis on urgent areas of concern. This often requires working across multiple areas within the company to evaluate the risk, root-cause, and potential solutions
Uses consistent processes for identifying potential risk events, quantifying and documenting the probability of occurrence and the impact on the business
Collects and collates evidence as part of a formally conducted and planned review of activities, processes, products or services. Examines records as part of specified testing strategies for evidence of compliance with management directives, or the identification of abnormal occurrences
Refers to domain authorities for guidance on niche areas of risk, such as architecture and environment
Coordinates the development of countermeasures and contingency plans
Quality Management and Audit
Advises on the application of appropriate quality management techniques and standards
Ensures that projects, teams and functions have appropriate practices in place and are meeting required interpersonal quality levels
Determines areas where existing processes should change by analysing audit findings
Takes ownership for controlling, updating and distributing interpersonal standards
Facilitates improvements to processes by changing approaches and working practices typically using recognised models
Provides advice and guidance in the use of interpersonal standards. Performs quality assurance reviews of suppliers and throughout the supply chain
Conducts formal audits or reviews to ensure compliance with interpersonal standards for activities, processes, data, products or services
Leverages experience to drive improvements to the overall quality of operational effectiveness through repeatable, measurable processes
Governance Processes and Reporting
Provides guidance and suggestions for improved governance processes to achieve strategic operational objectives
For projects, development or support activities, plans, organises and conducts audits and determines whether appropriate quality control has been applied
Assists in the development of new or improved practices and organisation processes or standards. Facilitates localised improvements to the quality of systems or services
Develop or enhance policies and related procedures for evaluating risk, establishing, and maintaining an effective system of internal control
Collates, collects and examines records, analyses the evidence and drafts all or part of formal compliance reports
Resolves risks associated with findings and non-compliance and proposes corrective actions
Assist in the creation of reporting dashboards by producing metrics and key risk indicators data
Help maintain our risk and control inventory within the AuditBoard tool
Maintain knowledge of industry regulations and risk standard process
Information and Records Management
Ensures implementation of information and records management policies and standard practice
Ensures effective controls are in place for internal delegation, audit and control relating to information and records management
Assesses and manages risks around the use of information
Provides reports on the consolidated status of information controls to advise effective decision making
Recommends remediation actions as the need arises
Ensures that information is presented optimally
Partnership and Support
Partners with IT Service Owners to improve awareness and expertise of their risk and control environments
Provide audit support for IT Service Owners and act as a centralised point of contact for Internal and External audit requests
Conducts formal reviews of activities, processes, products or services
Collects, collates and examines records as part of specified testing strategies for evidence of compliance with management directives, or the identification of abnormal occurrences
Analyses evidence collated and drafts part or all of formal reports commenting on the conformance found to exist in the reviewed part of an information systems environment
Assist with special projects relating to other initiatives as assigned
Partners with and provides expertise to other related governance functions within Markel, such as Global Security Services, Service Management, Internal Audit and Enterprise Risk Management to ensure key internal controls are in place and operating as intended
Build, develop, and maintain strong business relationships with business and technology partners
Our must-haves:
Experience with IT audit concepts, risk/control evaluation, process analysis, audit opinion preparation, audit research, and process testing
Prior experience in IT GRC, Risk Management, IT Audit (preferably Big 4 Audit firm experience), or Security
Experience with COBIT, ITIL, NIST, Secure Control Frameworks is preferred
Experience in AuditBoard and/or other GRC tools preferred
Experience establishing relationships and being seen as a trusted partner to IT and business partners
Prior experience in vendor management risk analysis and governance
Willing to voice opinions and offer proposed solutions
Comfortable working in a matrixed environment and leading challenging priorities
Insurance industry background preferred
A phenomenal communicator who is able to articulate governance issues in plain language based on audience
Delivery of high-quality presentations
Strong organisation and time management skills
Strong analytical and problem solving skills
Strong teammate
Flexibility and attention to detail
Strong desire for continuous improvement
The ability to influence without authority
Intermediate skills in Microsoft Office products (Excel, Outlook, Visio, Word)
One or more of the following certifications:
Certified Public Accountant (CPA), Certified Information Systems Auditor (CISA), Certified Risk Information System Control (CRISC), Certified Information Systems Manager (CISM), or Certified Information Systems Security Professional (CISSP)
Certification in IT and business governance frameworks such as COBIT, ITIL, NIST, Secure Control Frameworks is a plus
Required - Bachelor’s degree or equivalent experience in Business Management, Accounting, Computer Science, Information Systems, other related field or military experience
Preferred - Master’s degree or equivalent experience in Information Systems or Business Administration
Who we are:
Markel Group (NYSE – MKL), a Fortune 500 company with over 60 offices in 20+ countries, is a holding company for insurance, reinsurance, specialist advisory, and investment operations around the world.
We’re all about people | We win together | We strive for better | We enjoy the everyday | We think further
What’s in it for you?
A great starting salary plus annual bonus & strong benefits package…
25 days paid holiday plus Bank Holidays, with the opportunity to buy/sell extra leave
Fantastic company pension scheme, private medical and dental cover, life assurance, travel insurance cover, income protection, season ticket loan as well as other great benefits on offer
There are countless opportunities to learn new skills and develop in your career and we can provide the support needed to do just that!
Are you ready to play your part?
Choose ‘Apply Now’ to fill out our short application, so that we can find out more about you.
Markel celebrates the value of a diverse workforce that brings experience and expertise from a wide variety of backgrounds and life circumstances. Whatever your background, if you feel you meet the requirements of this role then we want to hear from you. We are also happy to consider candidates who are looking for flexible working patterns.
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, colour, national origin, sex, gender, gender expression, sexual orientation, age, marital status, veteran status, or disability status.
We will ensure that individuals with disabilities are provided with all reasonable accommodations to be able to participate in the job application or interview process and to perform essential job functions if successful. Please contact us via email at rec@markel.com or call us at 0161 507 5827 to request any accommodations that may be needed. This includes any alternative formats of any documents or information on how to apply offline.