IT Risk and Governance Manager

Aon Corporation
Poland, ME
4d
Remote

About The Position

Aon is in the business of better decisions

At Aon, we shape decisions for the better to protect and enrich the lives of people around the world. As an organization, we are united through trust as one inclusive, diverse team, and we are passionate about helping our colleagues and clients succeed.

What the day will look like

Policy & Standards Management

  • Create, maintain, and govern technology policies, standards, and procedures in partnership with stakeholders.
  • Ensure documentation is current, consistent, and aligned to organizational risk appetite and regulatory requirements.
  • Drive periodic policy reviews, approvals, and communication across impacted teams.
  • Provide guidance and interpretation of policies and standards to technology and business teams.

Technology Controls & Assurance

  • Design, implement, and maintain technology control library aligned to policies, frameworks, and regulatory expectations (e.g., access management, change management, incident management, data protection, resilience, etc.)
  • Ensure critical systems and data are safeguarded, and controls are regularly reviewed for effectiveness and compliance
  • Partner with Technology and Cybersecurity teams to remediate control gaps and strengthen the control environment.
  • Coordinate and support internal/external audits, control testing, and assurance activities
  • Track issues, findings, and remediation plans to timely closure, escalating when necessary

Technology Risk Management

  • Identify, assess, and monitor technology risks across applications, infrastructure, and services.
  • Develop and maintain technology risk registers, ensuring risks are clearly documented, assessed, and tracked to remediation.
  • Provide risk guidance for new initiatives, technology changes, and vendor engagements.
  • Support the definition and monitoring of risk appetite, key risk indicators (KRIs), and metrics.

Regulatory Governance & Compliance

  • Monitor relevant regulatory requirements, industry standards, and best practices related to technology risk (e.g., cybersecurity, operational resilience, data protection).
  • Support regulatory exams, inquiries, and responses for technology-related topics.
  • Translate regulatory expectations into practical control and process requirements for technology teams.
  • Prepare and deliver governance materials and risk reporting for senior management and governance forums/committees.

Stakeholder Engagement & Governance Forums

  • Partner with Technology, Cybersecurity, Compliance, Internal Audit, and Business stakeholders to align on risk priorities and remediation plans.
  • Prepare clear, concise reporting on technology risk posture, key issues, and trends for leadership.
  • Promote a risk-aware culture by providing training and guidance on technology risk, controls, and governance.

Requirements

  • Bachelor’s degree in Information Technology, Information Security, Risk Management, Business, or related field (or equivalent experience).
  • Demonstrated experience (e.g., 4–8+ years) in technology risk management, IT audit, information security, technology controls, or related governance roles.
  • Strong understanding of technology risk concepts and common frameworks (e.g., ISO 27001, NIST, COBIT, ITIL, or similar).
  • Experience with technology control design, implementation, and testing.
  • Knowledge of regulatory and compliance requirements related to technology and data (e.g., operational risk, data protection/privacy, cybersecurity, financial services regulations as applicable).
  • Proven ability to develop and manage policies, standards, and procedures.
  • Strong analytical, problem-solving, and documentation skills with attention to detail.
  • Excellent communication skills, with the ability to explain complex risk and control topics to both technical and non-technical stakeholders.
  • Ability to work independently and collaboratively in a fast-paced, matrixed environment.

Nice To Haves

  • Professional certifications such as CRISC, CISA, CISSP, CGEIT, or similar.
  • Experience in a regulated industry (e.g., financial services, healthcare, utilities).
  • Experience with GRC tools/platforms for risk, control, and issue management.
  • Background supporting large-scale technology programs or transformation initiatives.

Responsibilities

  • Create, maintain, and govern technology policies, standards, and procedures in partnership with stakeholders.
  • Ensure documentation is current, consistent, and aligned to organizational risk appetite and regulatory requirements.
  • Drive periodic policy reviews, approvals, and communication across impacted teams.
  • Provide guidance and interpretation of policies and standards to technology and business teams.
  • Design, implement, and maintain technology control library aligned to policies, frameworks, and regulatory expectations (e.g., access management, change management, incident management, data protection, resilience, etc.)
  • Ensure critical systems and data are safeguarded, and controls are regularly reviewed for effectiveness and compliance
  • Partner with Technology and Cybersecurity teams to remediate control gaps and strengthen the control environment.
  • Coordinate and support internal/external audits, control testing, and assurance activities
  • Track issues, findings, and remediation plans to timely closure, escalating when necessary
  • Identify, assess, and monitor technology risks across applications, infrastructure, and services.
  • Develop and maintain technology risk registers, ensuring risks are clearly documented, assessed, and tracked to remediation.
  • Provide risk guidance for new initiatives, technology changes, and vendor engagements.
  • Support the definition and monitoring of risk appetite, key risk indicators (KRIs), and metrics.
  • Monitor relevant regulatory requirements, industry standards, and best practices related to technology risk (e.g., cybersecurity, operational resilience, data protection).
  • Support regulatory exams, inquiries, and responses for technology-related topics.
  • Translate regulatory expectations into practical control and process requirements for technology teams.
  • Prepare and deliver governance materials and risk reporting for senior management and governance forums/committees.
  • Partner with Technology, Cybersecurity, Compliance, Internal Audit, and Business stakeholders to align on risk priorities and remediation plans.
  • Prepare clear, concise reporting on technology risk posture, key issues, and trends for leadership.
  • Promote a risk-aware culture by providing training and guidance on technology risk, controls, and governance.

Benefits

  • In addition to our comprehensive benefits package, we encourage a diverse workforce.
  • Plus, our agile, inclusive environment allows you to manage your wellbeing and work/life balance, ensuring you can be your best self at Aon.
  • Furthermore, all colleagues enjoy two “Global Wellbeing Days” each year, encouraging you to take time to focus on yourself.
  • We offer a variety of working style solutions, but we also recognise that flexibility goes beyond just the place of work... and we are all for it.
  • We call this Smart Working!
  • Our continuous learning culture inspires and equips you to learn, share and grow, helping you achieve your fullest potential.
  • As a result, at Aon, you are more connected, more relevant, and more valued.
  • Aon values an innovative, diverse workplace where all colleagues feel empowered to be their authentic selves.
  • Aon is proud to be an equal opportunity workplace.
  • Aon provides equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, creed, sex, sexual orientation, gender identity, national origin, age, disability, veteran, marital, domestic partner status, or other legally protected status.
  • We welcome applications from all and provide individuals with disabilities with reasonable adjustments to participate in the job application, interview process and to perform essential job functions once onboard.