Head of IT Risk & Security

Canada Life UK looks after the retirement, investment and protection needs of individuals, families and companies. We help to build better futures for our customers, our intermediaries and our employees by operating as a modern, agile and welcoming organisation.

Part of our parent company Great-West Lifeco, Canada Life UK has operated in the United Kingdom since 1903. We have hundreds of respected and supported employees committed to doing the right thing for our customers and colleagues.

Canada Life UK is transforming to create a more customer-focused business by providing our customers with expertise on financial and tax planning, offering home finance and annuities propositions, and providing collective fund solutions to third party customers.

Job Purpose

This will include all aspects of the risk management framework (IMMMR), risk governance, enhancing risk awareness and culture, and technology resilience (DR, BCM, crisis Management and emergency response).

Manage relevant attestations and compliance reporting for Canada Life UK including the Annual Regulatory Compliance Management Statement.

The role will involve significant senior relationship and stakeholder management including engagement with LifeCo, senior executives across both the UK and broader European segment and presentations to executive and board forums.

• Lead the UK IT Risk and Security Team, by building a deep capability in security and risk management, in order to enable a step change in IT Risk Management across CLUK.
• Continuously improve our IT and Security risk management approach and culture across CLUK, by bringing lessons from the broader IT industry and security teams across Europe; driving a culture of experimentation & innovation; and identifying emerging risks; to ensure we always understand our risk position, tolerance and are always able to plan next steps to reduce risk.
• Improve risk & risk management practices across the broader UK IT teams through setting challenging and context appropriate goals/OKRs for individual teams to reduce risk; providing education and support to teams; to maintain our overall risk position as in tolerance and ensure management of risk is viewed as everyone's job.
• Sponsor for key risk related projects/programmes, by identifying the case for change and costs/benefits of proceeding; working closely with programme/project managers to lead the delivery; identifying and mitigating delivery risks; ensuring that expected benefits are successfully delivered; in order to make sure that these projects represent successful investments in CLUK, and that they achieve meaningful improvements in our risk management and residual risk positions.
• Act as an interface between the UK technology risk community and the broader European technology risk management framework, by representing the UK in European frameworks/forums etc; advocating for improvements to these frameworks, particularly when those improvements contribute to UK risk reduction; bringing technology, frameworks, and lessons learnt from the broader European community to the UK; to drive value in the form of maximum risk reduction from our broader European risk management community.
• Proactively contribute to the CLUK Technology and European Risk Leadership teams, by supporting the implementation of relevant team strategies; acting for the good of the overall team; supporting and leading team communications both within the risk and broader IT teams; advocating for the team as a whole; driving improvements in operational management processes across teams; to ensure that the CLUK IT Risk and Security represents and is recognised as a force for good across both CLUK and European Technology teams.

• An experienced Information Technology leader with a diverse range of knowledge (including Cloud infrastructure) and capabilities in a large organization across multiple geographies
• Deep knowledge of risk management frameworks and their application within a Technology environment
• SME knowledge and experience of the design, implementation and operation of Information Security controls and procedures
• Experience of Technology resiliency including DR, BCM, crisis management and emergency response would be beneficial
• An understanding of trends and regulatory focus across European regulators, particularly operational resilience and cloud infrastructure is beneficial
• The ability to partner with and relationship manage senior business executives and technology leaders to connect technology risk and business goals to achieve successful outcomes
• Experience of how to develop risk/cyber maturity and risk/cyber awareness and culture, with experience working in first line risk or second line of defense desirable
• Strong leadership and influencing skills and competencies refined through experience operating at a senior level
• Ability to lead experienced practitioners with a diverse range of knowledge and capabilities to drive business success
• The ability to set clear and challenging goals while committing the organization to improved performance; tenacious and accountable in driving results
• Listening and being able to translate the commercial and business strategies so they connect with the technology risk strategy is also imperative to success
• The ability to use a combination of logic, analysis, experience, wisdom to solve complex, difficult problems in a timely and innovative way

• Degree in Engineering, Business Administration or a technology-related field, or equivalent work or education-related experience.

Benefits of working at Canada Life

We believe in recognising and rewarding our people, so we offer a competitive salary and benefits