Description:
The Senior Risk Manager supports the Thomas Miller Holdings (“TM” or “the Group”) Group Risk & Compliance Director in providing central risk services to Clubs and owned businesses, as well as support to TM Audit & Risk Committee (“ARC”) in implementing the risk management strategy and operating the system of internal controls for the Group.
The Senior Risk Manager supports TM’s risk strategy and governance framework, with a particular focus on information security, data privacy and business continuity frameworks, in order to best manage risks and defend the Group from associated internal and external threats, whilst providing assurance that proportionate compliance to relevant requirements is being maintained.
Risk Management Responsibilities:
- Providing support to the Group Risk and Compliance Director, including advising and assisting on the design and operation of the Risk Management Framework, including maintenance of the TMH Risk Register, risk categorisation, risk appetite and tolerance, key performance/risk indicators, mitigation and controls, risk management policies.
- Assisting in the preparation of Agenda papers for the TM ARC, including liaising with risk functions of Clubs and owned businesses to ensure local level risks are identified and reported as appropriate.
- Identifying and reviewing notifications by others of new or emerging risks on Emerging Risks report and loss/’near miss’ events recording on Risk Events database.
- Identifying and reviewing notifications by others of new or emerging risks and loss/’near miss’ events.
- Supporting all Thomas Miller Clubs, businesses and departments in managing their risks.
- Line manager of the Risk & Systems Analyst.
Information Security Management Responsibilities:
Responsible for developing and coordinating the TM information security, data privacy and business continuity management frameworks comprising:
- Appropriate strategies for the ongoing development of the Group’s capabilities in line with its growth, development and risk appetite
- Associated company policies, procedures and governance oversight arrangements
- Risk and control assessments for existing business activity and new initiatives
- Monitoring and reporting to senior management and the TM ARC on the Group’s information and resilience risk profile, including new and emerging threats in this regard.
- Developing and delivering assurance activities and reporting to senior management and the TM ARC to determine ongoing compliance with internal and relevant external standards.
- Supporting the Group Risk & Compliance Director and TM ARC in the development and establishment of appropriate risk appetites for information security, data privacy and business continuity risks.
- Work closely with Group IT to facilitate and monitor the implementation and maintenance of appropriate security and disaster recovery controls and capabilities (including testing) across the Group.
- Support the Group Risk & Compliance Director in assessing risks in new business proposals and prospective acquisitions.
- Coordinate and embed a positive information and resilience risk culture throughout the Group by increasing awareness of risks, relevant laws, rules and standards and ensuring management and employees are aware of their responsibilities.
- Provide advice and challenge to all Thomas Miller Clubs, businesses and departments on information security, data privacy and business continuity matters and support the development of appropriate control environments to mitigate the Group’s risks in these areas.
- Chair the Group’s Information Security Forum and coordinate the Forum’s agenda’s and reporting, both to and from the Forum from and other, relevant, risk and operational forums.
- Liaise with relevant regulatory bodies (e.g. ICO, FCA, PRA) and other external stakeholders (e.g. external auditors, clients, business partners) on the Group’s information security, data privacy and business continuity frameworks and associated activities.
- Represent the Group at relevant external industry and technical forums and bodies.
- Line manager of the three members of the IRR team.