Technology Risk & Operational Resilience Specialist

Job Type:

Build a brilliant future with Hiscox
 

About Hiscox UK

Hiscox UK is a leading brand in the insurance market, recognised as setting the standards others try to emulate. We consistently deliver strong growth and exceptional returns, recruiting only the very best and empowering them to deliver. We are known for insuring the homes of the rich and famous through to the most innovative technology companies. Our customers are diverse and unique and are only united by our ability to provide specialist insurance tailored to their needs.

The Role

The primary focus for this role is strengthening Hiscox’s IT Operational Resilience, ensuring we can recover swiftly from disruptions while continuing to support our customers and colleagues. It involves managing and embedding resilience by design within the IT framework, driving continuous improvement through scenario testing to uncover vulnerabilities and guide corrective actions. Additionally, the role oversees tech risk, control, and governance within the UK business unit, ensuring robust processes are in place and fostering a culture of accountability, effective risk management, and strong governance practices.

The role holder will work closely with the Head of Service and Support to understand all UK Important Business Services and develop a deep understanding of the critical technology and suppliers needed to support these services.  The role will be key to ensuring we deliver and can evidence a robust and resilient position by ensuring our technology and partners adhere to and maintain the Hiscox and industry standards expected of them. Understanding our key risks and managing these risks in accordance with our regulatory commitments is key to the role.

Based in York, this role will work closely with UK Technology leadership team, the Change PMO manager and colleagues across technology and change, Group Technology and Tech Services.

Key Responsibilities:

Managing Tech Risk & Operational Resilience requirements across the UK IT Function, ensuring critical activities are delivered effectively, including:

• Supporting the Operational Resilience Team to conduct annual reviews and updates of governance and BAU artifacts (e.g. strategy, scenario testing library, intolerable harm definitions, governance frameworks, and learning outputs).

• Periodically review IT resources that support the delivery of our Important Business Services, in collaboration with Business Service Owners, department heads and in line with regulatory developments.

• Leading scenario testing within UK and Group Application Support teams, identifying vulnerabilities and ensuring lessons learned and translate into remedial actions.

• Embedding Operational Resilience into third-party IT contracts and supporting the resolution of any resilience gaps.

• Providing input into Operational Resilience Impact Assessments, for change impacting IT applications and systems, promoting resilience by design and continuous improvement.

• Providing input into Operational Resilience reporting from an IT perspective.

• Advising HIC colleagues on Operational Resilience matters relevant to UK IT.

• Managing the Application Support Risk and Control environment, including oversight and completion of Shield actions, ensuring timely remediation and regular updates.

• Reporting on risk and control effectiveness in relation to UK IT to relevant UK governance forums.

• Ensuring relevant governance frameworks are adhered to across the Application Support Team.

• Embedding robust root cause analysis processes to avoid recurrence of issues and risk events.

• Fostering a risk-aware culture within UK Support, offering guidance on governance practices and frameworks.

• Acting as a key liaison between UK Support and Conduct/Compliance teams to ensure alignment and transparency.

Group Technology Risk

• Ensure all UK risks are identified, analysed, mitigated, reported and monitored. Ensure Group Technology Services (ITS) provide timely updates for the technology consumed from them by the UK

• Work with the Project teams and Value Streams to ensure that Operational Resilience is embedded by design with any technology that underpins our IBS

• Support the Head of Service and Support to embed structured and evolving Risk Management governance and practices to all teams as appropriate

• Work with Group Risk and Audit to ensure alignment of Group Frameworks and compliance Writing UK IT elements of the papers

• Liaising with Group IT and Cyber Teams to obtain updates for risk reporting

• Work with procurement and Infosec to ensure alignment and understanding of their supplier due diligence to create a streamline and every improving process

• Log and report any risks to services provided that could cause an operational or security compromise to the business.

Supplier Due Diligence & Governance

• Adopt and put forwards recommendations to improve processes to track and measure aligned to under-pinning commercial service agreements and internal measures to ensure agreed due diligence commitments are being met

• Ensuring MI, results, risks, issues, or activity pertaining to Operational Resilience and IT risk is documented and reported to relevant Governance forums

• Update the UK vendor elements of the UK application catalogue, and the Critical IT Third Party register ensuring all information captured is up to date and accurate

• Provide information and artifacts to support the UK operational resilience position for critical IT Third parties.

Candidate Profile

Experience required:

• Strong understanding of technology, and the ability to converse and understand IT solutions, constraints and dependencies on critical business processes

• Good experience in a similar role within the industry is essential

• Strong organisational and time management skills

• Strong communication and interpersonal skills - ensuring confidence in conflict resolution and the ability to tailor own style to the audience

• Commercially astute with risk management experience, within a complex multi-source service / supplier environment

• Good knowledge of working with and managing third party Service Providers

• Ability to run meetings, workshops and to speak confidently with vendors and internal stakeholders. 

Diversity and flexible working at Hiscox

At Hiscox we care about our people. We hire the best people for the job and we’re committed to diversity and creating a truly inclusive culture, which we believe drives success. We also understand that working life doesn’t always have to be ‘nine to five’ and we support flexible working wherever we can. No promises, but please chat to our resourcing team about the flexibility we could offer for this role.

Work with amazing people and be part of a unique culture