Our Business Services team is a collective of creative, strategic, forward-thinking business enablers. Together the People & Culture, Clients & Markets, IT, Operations, Change Management, Innovation, Finance and Quality & Risk Management teams make it their mission to ensure Forvis Mazars has the right tools, technology, strategies, and services in place to deliver exceptional client service and future-proof our growing business.
As an Enterprise Risk Management (ERM) – Technology Risk Senior Manager, you will play a key role in overseeing the maintenance and continuous improvement of an appropriate and resilient technology and cyber risk management framework. You will provide independent and proactive oversight, challenge and advisory support to technology stakeholders to identify, assess, manage and monitor technology risks. As a Senior Manager within ERM, you will have the opportunity to help develop and embed effective firmwide enterprise risk processes, risk culture, and maturity across all Service Lines by delivering proactive, high-quality and value-added service as part of a maturing central Risk Function at Forvis Mazars.
This internal-facing role will principally involve working with the Enterprise Risk Director to enhance and develop high-quality risk management processes, frameworks, and culture across the organisation, with a particular focus on technology risk and AI. This will include developing the strategic approach for Enterprise Risk Management reporting firmwide, and developing a sustainable, value-adding service for the business to manage its risk profile.
You will report to the Enterprise Risk Director. They in turn report to the Executive Committee, Chair of the Risk and Quality Committee (RQC) as well as the Audit and Risk Committee (ARC), and Governance Council (GC). You will operate within the Second Line of Defence (2LoD) framework to deliver effective oversight and challenge to senior technology stakeholders across the organisation, ensuring that technology and cyber risk functions remain within the established risk appetite and that remediation strategies are adequate.
Key Responsibilities
1. Evaluate and document cyber security, technology and data governance control compliance according to Service Line, Firmwide, and Regulatory Policies and Standards.
2. Lead the oversight and challenge of Information Security risk management, ensuring alignment with strategic objectives and regulatory expectations, for example ISO 27001 and Cyber Essentials Plus.
3. Develop risk measurement methodologies to model and continually enhance the technology and cyber risk profile.
4. Conduct oversight assessments of technology change and AI related projects to identify potential vulnerabilities, compliance issues, and ethical considerations.
5. Stay up to date with relevant regulatory requirements, data protection laws, and industry standards, ensuring that all technology and AI change initiatives adhere to these requirements.
6. Oversee the ethical implementation of AI, ensuring that concerns regarding bias, fairness, and transparency in AI algorithms and decision-making are appropriately addressed.
7. Provide regular reports and updates to senior management and relevant stakeholders regarding technology risk management activities, including identified risks and mitigation strategies.
8. Maintain relationships with stakeholders to facilitate oversight and effectiveness of the technical control environment.
9. Validate that technology Key Risk Indicators are accurately captured and included in prioritisation activities.
10. Provide strategic risk management advice and guidance on technology and cyber risks, identifying emerging risks and required actions associated with advances in technology and digital capabilities.
11. Provide oversight, advice and guidance around the development of a robust data governance framework, ensuring high data quality and regulatory compliance.
12. Support the Director of Enterprise Risk Management in promoting risk management practices and risk culture aligned with the firm's risk appetite and strategy.
13. Carry out people management responsibilities within the Enterprise Risk Management team.
Skills, Knowledge, and Experience
14. Expertise in technology, data governance, information security, and AI risk management, including experience working within regulated industries.
15. Professional/industry certification, or technology-specific certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC) or Certified Information Systems Auditor (CISA).
16. Experience engaging with and presenting to senior stakeholders, and challenging rationales as part of an independent function.
17. Knowledge of legal and regulatory requirements related to technology, cybersecurity, data privacy, and AI.
18. Strong understanding of AI technologies, machine learning, and data analytics.
19. Self-motivated, with a desire to learn and the ability to manage multiple tasks whilst still achieving high delivery standards.
20. Excellent written and verbal communication and presentation skills.