Legal & General America

Technology and Data Risk Director

Job Locations: US-MD-Frederick
ID: 2024-3012
# of Openings Remaining: 1
Category: Risk Management & Compliance

Overview

At Legal & General America, we aim to make a positive difference in the lives of our customers, partners, colleagues, and the communities in which they live.  As a recognized market leader of term life insurance, we’re working to transform our business through innovation and technology to provide products and solutions that help American families secure their financial futures.

 

We are a future-focused company, passionate about what we do and how we do it. This means working with pace and energy to reach our goals, and challenging ourselves to achieve more.  We strive to create a unique environment where balance between work and life is possible. Our employees' passion, dedication and hard work, as well as our career development opportunities, benefits, and employee activities contribute to our positive workplace culture.

 

The IT and Data Risk Director plays a critical role by overseeing and managing IT and data related risks, ensuring compliance with regulatory requirements, and implementing best practices.  The role holder is responsible for ensuring that current and emerging technology and data risks are appropriately understood and proactively managed within LGA (LGIA and LGRA). The IT and Data Risk Director provides oversight, challenge, support and advice with respect to information and data risk across the enterprise. The scope of this role includes information technology, information security, cyber security, data management, digital risk, emerging technologies (i.e. Artificial Intelligence), business continuity and disaster recovery.

Responsibilities

  1. Develop and maintain the IT risk management framework, policies, and procedures.

  2. Provide advice and guidance on technology risk governance and framework application, and interpretation of risk appetite.

  3. Working with the first line of defense, ensure effective implementation and embedding of technology policies, standards and controls in a consistent manner to minimize risk exposure supported by accurate and timely measurements and reports.

  4. Conduct “deep dives” to assess the design and operation of key technology and data risks and controls. As part of the deep dives, perform walkthroughs and document end-to-end technology processes, identifying risks and key controls. Provide results to management.

  5. Perform risk and data analysis to build holistic views of the technology and data risk and control environment. Compare potential risks with company defined criteria to assess risk exposures within risk appetite and tolerances.

  6. Review and provide challenge and guidance on company required risk assessments completed by the IT first line team.

  7. Support the assurance of high-risk technology and data management programs by working with the business IT team in the planning and review of project delivery to ensure risks are known and managed.

  8. Perform analysis of risk events and control weaknesses, assessing and reporting upon proposed remediation and lessons learned to drive improvements in the wider technology risk and control environment. Ensure effective resolution of escalated and high severity incidents.

  9. Maintain and routinely update the LGA Crisis and Communications Plan. Ensure alignment with LGA Business Continuity and associated plans as well as the L&G Group Incident Response Framework.

  10. Participate in and provide risk guidance on business continuity and disaster recovery exercises.

  11. Develop and maintain knowledge of the external environment including relevant legislation, regulation and best practice and share this information with the IT first line team.

  12. Review and challenge IT and Data risk registers to ensure robust and accurate documentation of current risk and control environment.

  13. Provide input to LGA Risk and Compliance reporting to the LGA Board of Directors on the company’s material IT and data risks and mitigation factors.

  14. Promote a strong risk management culture across IT providing a systematic approach to first line control that delivers effective systems and controls that manage and mitigate operational, technology and data risks.

  15. Participate in due diligence of new systems, IT suppliers and partners.

  16. Complete all other projects/tasks as assigned by management.

Qualifications

Education

College degree in Information Technology, IT Risk Management or related field

7+ years of Technology Risk Management

   

Experience/Knowledge

Knowledge and understanding of information security frameworks and best practices such as COBIT, ITIL and COSO

 

Knowledge and understanding of technology, privacy or security control frameworks (ISO 27001, NIST, NYDFS)

 

Advanced knowledge of desktop, server, application, database, and network security principles for risk identification and analysis

 

Certifications (helpful but not required)

CRISC

CISSP

CISA

CISM

 

Skills

Excellent written and verbal communication skills with the ability to communicate IT and data risk related concepts to technical and non-technical audiences.

Strong interpersonal and collaborative skills; ability to effectively influence change.

Demonstrable knowledge of technology and data risk and control practices.

 

What’s in it for you?

The expected hiring compensation range for this position is $167,600 - $243,050 annually.

This role will be working in a hybrid environment with up to 3 days in office per week.

 

The total compensation package for this position may include other elements, such as a sign-on bonus, long term incentives, and annual bonuses.  This role is eligible to participate in the Legal & General America Annual Incentive Plan. The current target payment for the position is 20% of base salary, modified for corporate and individual performance. Bonuses are pro-rated based on start date.  This role has 20 vacation days and 10 sick days that are accrued on a bi-weekly basis. Employees also have 9 paid holidays throughout the calendar year.

 

We have a competitive compensation and benefits package focused on your overall wellbeing.  Employee benefits include health, life, and dental insurance; 401K with company match up to 6% as well as a pension package; generous time off; and wellbeing initiatives throughout the year (we like doing fun stuff).  We’re big on professional development and we’ll support and mentor you in your career progression and expect you to help us pay it forward by helping us develop tomorrow's leaders and growth-focused professionals. We value our teams and our communities and believe in giving back. Enjoy time off to volunteer for those causes that matter most to you!

 

If hired, employee will be in an “at-will position” and the Company reserves the right to modify base salary (as well as any other discretionary payment or compensation program) at any time, including for reasons related to individual performance, Company or individual department/team performance, and market factors. The Company reserves the right to change benefits plans at any time.

 

We are an equal opportunity employer and value diversity at our company. We do not discriminate based on race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, veteran status, or disability status. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, perform essential job functions, and receive other benefits and privileges of employment. Please contact us to request accommodation.

 
