About the Role
We are seeking an experienced Technology Governance Lead to strengthen IT governance, third-party risk management, and operational resilience for our client, a leading organisation in the insurance sector.
This role is instrumental in ensuring compliance with the Digital Operational Resilience Act (DORA), enhancing IT governance frameworks, and leading business continuity initiatives.
The position requires a proactive professional with expertise in regulatory compliance, digital resilience, and vendor governance.
This hybrid role requires a minimum of two days onsite per week, with occasional evening or weekend work for resilience testing and crisis management exercises.
Key Responsibilities
* Operational Resilience & Disaster Recovery: Lead and coordinate the annual Business Impact Assessment (BIA) process, assess IT functions against Recovery Time Objectives (RTO) / Recovery Point Objectives (RPO), develop and execute the annual Crisis Management & Disaster Recovery test plans, oversee Disaster Recovery tests and resilience exercises throughout the year, implement and manage tools for crisis communication and operational resilience tracking, conduct security assurance testing related to operational resilience, and design and deliver an annual Operational Resilience training programme.
* DORA Compliance & Digital Resilience: Maintain and enhance the Digital Operational Resilience Strategy (DORS), lead the implementation of the DORA test strategy and ensure ongoing compliance, manage the ICT Supplier Register and ensure regulatory alignment with DORA standards, and provide regular reporting on Digital Operational Resilience initiatives to senior stakeholders.
* Third-Party Governance & IT Compliance: Manage relationships with ICT third parties and outsourced service providers, educate business owners on third-party compliance and regulatory obligations, ensure proper collection and management of vendor compliance documentation, and support regulatory audits and address compliance gaps related to IT governance.
* Planning, Reporting & Stakeholder Engagement: Develop and maintain detailed project plans for governance and resilience initiatives; prepare high-quality reports, dashboards, and governance packs for senior management; collaborate with cross-functional teams, including Risk, Compliance, and IT Security; and act as a key contact for regulatory bodies and auditors on governance matters.
Essential Skills & Experience
* Bachelor's degree in Information Technology, Computer Science, or a related field.
* Proven experience in IT governance, risk management, and compliance.
* Strong background in operational resilience, disaster recovery, and third-party risk management.
* Working knowledge of financial regulations, particularly DORA.
* Previous experience in a regulated environment (financial services, insurance, banking, etc.).
Key Competencies
* Leadership & Stakeholder Management: Ability to engage with senior executives, auditors, and third-party vendors.
* Regulatory & Risk Awareness: Strong understanding of compliance frameworks (DORA, PCI DSS, ISO 27001).
* Analytical & Problem-Solving Skills: Ability to assess IT risks, propose solutions, and drive corrective actions.
* Project Management: Strong planning and organisational skills, with the ability to manage multiple workstreams.
* Communication & Reporting: Excellent verbal and written communication skills, with proficiency in Microsoft Office 365 tools.