Operational Risk Manager - Information Security Specialist 80-100%
Zurich’s Risk Team have a purpose-led role to provide insights to the main stakeholders through effective risk assessments, internal risk reporting and communications, risk policy and risk reporting.
The ideal future employee will support and embed the Group Risk Management mission and effectively manage risk to achieve Group strategic, operational and financial objectives.
What you will do
Governance :
Contribute to the production of policies (Zurich Policy Manuals and associated standards, instructions, as well as other guidance) and other governance documents.
Development and implementation of non-financial risk management processes in line with policy requirements.
Provide risk and control insights on non-financial risks.
Monitoring of regulatory requirements and impact assessment.
Risk Appetite, Risk Identification and Assessment, Risk response - Support 2nd line of defense in the following activities :
Updates of the Group risk appetite and tolerance statements.
Risk assessment (TRP and SAOR) activities in collaboration with GTO (Group Technology and Operations) and monitor mitigation actions.
Review and challenge the assessment of control deficiencies and adequacy of remediation initiatives.
Review and challenge, root cause analysis, and assessment of operational events.
Deep dive risk and control reviews on demand.
Crisis management exercises and operational resilience matters in collaboration with Group Operations and Business Units.
Engage with Group functions and Business Units on potential simplification initiatives (internal control framework, risk management practices).
Communicate guidance and provide training on Group relevant non-financial risk matters and ensure that GRM tools are fit for purpose.
Risk reporting :
Assist Group Risk Reporting Team on operational risk matters relevant to the execution of the Group Recovery plan.
Support ORSA-related activities for ZIG and ZIC (scenario selection and quantitative analysis) and the update and monitoring of the Group strategic TRP (qualitative risk assessment of the Group strategic risks).
Contribute to the production of the quarterly risk report in collaboration with Regional and Business Units Risk teams.
Engagement :
Ensure that the first line are adopting GRM tools, templates and methodologies.
Training :
Develop and facilitate training and training materials for stakeholders, promoting a disciplined risk culture.
What you bring
- IT and Cyber risk management expertise is required.
- Prior experience in key functions such as underwriting, actuarial, finance, investment management and / or strategy is an asset.
- Solid understanding of operational risk management principles, methodologies, and best practices including knowledge of regulatory requirements, risk assessment and mitigation techniques, and risk reporting frameworks.
- Self-starter with a positive, can-do attitude.
- Highly disciplined, with a strong focus on execution and delivery.
- Able to manage challenging deadlines.
- Proactive, driven, action and results oriented.
- Excellent verbal and written communication skills.