Technology Risk Manager

About Avant
Avant is Australia's leading medical defence organisation with a proud heritage of protecting Australian medical professionals for over 125 years.
Avant now represents 80,000 health practitioners and medical students across every state and territory, delivering market leading products and services to meet their professional, personal and practice needs. Building on this heritage, our vision is to be the most trusted professional partner in supporting doctors throughout their lives and careers.
As a mutual organisation, owned by members and run purely for their benefit, our members are at the centre of all we do. As well as providing products and services to our member, we play a broader community role by advocating for improvements in the healthcare system and in quality, safety and professionalism in medicine, through delivering education and research activities.
About the Role
The Technology Risk Manager is responsible for identifying, assessing, and managing risks associated with the Avant's technology infrastructure, information security, operations, and projects.
This role ensures that effective risk management practices are integrated into the technology strategy and operations while aligning with the Avant's overall risk management framework.
The Technology Risk Manager plays a key role in collaborating with various technology and business stakeholders to mitigate risks, improve Technology controls, and ensure compliance with relevant regulatory standards.
**Key requirements**:

- Demonstrate sound understanding of APRA regulations and standards in the Risk Management prudential framework, including CPS234, CPS230, CPS231.
- Develop and enhance Risk Frameworks: Contribute to implementing the Information Technology Risk Management Framework across the business, in addition to a common and centralised control methodology.
- Risk Culture and Practices: Work collaboratively across Information technology Senior Leadership, and within the Line 1 IT risk team, to embed risk management practices into everyday practices, promote a culture of innovation in risk management, embed controls, and monitor/report on issues.
- Risk Reporting and Analytics: Prepare and present regular risk reports, dashboards, and updates to senior management and risk committees. Develop and maintain technology risk registers and ensure timely updates to risk management documentation.
- Controls Enhancement and Automation: Drive initiatives to simplify and automate technology risks and controls, monitoring, quality assurance and control self-assessments

**Key accountabilities**:

- Implement and maintain the guidelines, specifications, and processes for the execution of the Avant Mutual Group Risk Management Strategy.
- Manage operational risks within the business on a daily basis, including defining risk appetite and tolerances across key operational risks.
- Coordinate and complete risk profile reviews, including review of specific business risk assessment scenarios
- Develop and coach business line team members in relation to contemporary Risk Management techniques based around ISO 31000 and the Avant Group Risk Management Framework and IT Risk Management Framework.
- Design and implement risk management tools as identified and agreed with management to enhance risk management outcomes within the business line.
- Input to development and implementation of the business line annual Business Plan from a risk perspective.
- Work closely with the Avant Group 2nd Line of Defence Risk and Compliance teams, to ensure consistently effective business risk management outcomes, and contributing to the ongoing enhancement of Risk Management practices and outcomes within the Avant Mutual Group.
- Maintain and take charge of professional development in conjunction with line manager.
- Participate in industry forums and professional groups.

**To be successful you will have**:

- Relevant tertiary qualifications - Degree
- Similar industry (preferably Insurance, Medical, Finance and or Legal area) experience.
- 3-5+ years of experience in IT risk management, cybersecurity, technology audit, or related fields.
- Proven experience working in a highly regulated industry such as financial services, insurance, or healthcare, with an understanding how to deliver to APRA regulatory requirements CPS230, CPS231, CPS234 etc.
- Strong understanding of IT systems, networks, information security principles, and cloud technologies.
- Familiarity with risk frameworks and methodologies (e.g., ISO 31000, NIST, COBIT, ITIL etc).
- Certifications highly desirable but not mandatory: (CISA), (CISSP), (CRISC), (CISM) etc
- Strong communication skills with the ability to engage and influence technology and business stakeholders at all levels.
- Highly professional attitude and to demonstrate how to influence technology co-ordination and remediation across teams.
- Analytical and problem-solving mindset with a focus on detail and accuracy.
- Ability to