Head of Support Functions Oversight Non-Financial Risk - eFinancialCareers : Job Details

At M&G our purpose is to give everyone real confidence to put their money to work. As an international savings and investments business with roots stretching back more than 170 years, we offer a range of financial products and services through Asset Management, Life and Wealth. All three operating segments work together to deliver attractive financial outcomes for our clients, and superior shareholder returns. Through our behaviours of telling it like it is, owning it now, and moving it forward together with care and integrity; we are creating an exceptional place to work for exceptional talent. We will consider flexible working arrangements for any of our roles and also offer work place accommodations to ensure you have what you need to effectively deliver in your role. The Head of Support Functions Oversight leads second line oversight of the implementation of the Risk Management Framework across all Support Function group-wide Business Areas (covering Finance, Technology, HR, Corporate Affairs, Legal & CoSec, Strategy & Transformation, Risk & Compliance and Audit). In addition, the role holder will provide second line oversight of group framework development and implementation approach for technology (including cyber), third party, operational resilience and data (including data privacy) risks. The role holder will be accountable for any team related change including people, processes and location and report to the Non-Financial Risk Chief Risk Officer. The role holder will also be required to work closely with the broader Non-Financial Risk teams who are responsible for providing non-financial risk oversight of the Life and Assessment Management Business Units. In particular, the role holder will provide SME support and direction to these teams in the oversight of the specialist non-financial risks noted above. The role holder will be expected to liaise with stakeholders across all business areas at both ExCom and ExCom-1 level including the presentation of Non-Financial Risk related issues at various Boards and Committees, where required. Key Responsibilities for this role:

• Lead the Non-Financial Risk (NFR) engagement with the Support Function group-wide Business Areas on all Non-Financial risk matters and bring specialists in from the broader Non-Financial Risk teams as required.
• Lead the second line oversight of group framework development and implementation approach for technology (including cyber), third party, operational resilience and data (including data privacy) risks.
• Lead the engagement, scoping and management of Red Team Cyber testing activities with appropriately qualified third-party cyber specialists.
• Lead the oversight of all central technology risk infrastructure and major technology change management programmes, including membership of Steering Groups, as well as formulating risk opinions as required.
• Maintain trusted relationships with stakeholders across business areas at both ExCom and ExCom-1 level.
• Presentation of Non-Financial Risk related topics at various Boards and Committees, as well as additional Non-Executive Director engagement as required.
• Challenge and advise all Support Function Business Areas on Non-Financial Risk matters impacting business decisions.
• Challenge and advise on Non-Financial Risk coverage and control appropriateness across the Support Functions.
• Provide material input into risk reporting.
• Represent Non-Financial Risk at Business Area specific Senior Leadership Team governance committees, risk forums and team meetings and provide risk business partnering and challenge as appropriate.
• Maintain collaborative relationships between the first line and the broader Non-Financial Risk that is positive, respectful and constructive including oversight of risk culture embeddedness.
• Lead and develop a team, including the Chief Data Protection Officer, Head of Operational Risk (Support Functions) and technology and data risk managers/analysts. As well as driving collaboration across wider Risk teams and develop expertise to support the wider Risk function.
• Key contributor to the design, maintenance and ongoing development and oversight of the Non-Financial Risk Framework, developed by the broader Non-Financial Risk Team (RCSAs, Controls, Events/Issues, Risk Appetite, Reporting, Scenarios) in terms of Support Function implementation/impact and the assurance in regard to RCSAs and issues.
• Accountable for any Non-Financial Risk related change including people, processes and location within the team.
• Ensure compliance to the people policies, Group Code of Conduct and embedding desired behaviours.

Key Knowledge, Skills & Experience:

• Strong understanding of the regulatory framework for Non-Financial Risk Management and measurement within financial services, in particular technology (including cyber), data, third party and operational resilience.
• A good understanding of IT technical architecture, enabling holistic oversight and challenge to IT risks and security
• Clear understanding the COBIT (Control Objectives for Information and Related Technology), NIST (National Institute of Standards and Technology) Frameworks
• Experience in CBEST Threat Intelligence-Led Assessment exercises.
• Experience in Non-Financial risk oversight including the embedding of an Non-Financial Risk framework in the first line of defence.
• Significant experience of analysing and interpreting complex rules and regulations and applying such knowledge to provide solutions to business problems and issues
• A good understanding of the risk environment facing M&G plc and the confidence to challenge the first line in the identification and assessment of their key risks and controls.
• Strong knowledge of Insurance and Asset Management business is beneficial but not essential.
• Strong stakeholder management and relationship building skills.
• Proven track record leading and developing a team.
• Strong analytical skills.
• Strong presentation skills to senior level boards and committees with the ability to explain and articulate risk related asset management / insurance concepts.
• Certified Information Systems Security Professional qualification or similar is beneficial but not essential.

Experience Level: Integration Leader Recruiter: Helen Simons We have a diverse workforce and an inclusive culture at M&G plc, underpinned by our policies and our employee-led networks who provide networking opportunities, advice and support for the diverse communities our colleagues represent. Regardless of gender, ethnicity, age, sexual orientation, nationality,