[Hiring] IT Risk and Governance Manager @Aon Corporation

Role Description

The IT Risk & Governance Manager at Aon is responsible for the following:

• Policy & Standards Management:
  • Create, maintain, and govern technology policies, standards, and procedures in partnership with stakeholders.
  • Ensure documentation is current, consistent, and aligned to organizational risk appetite and regulatory requirements.
  • Drive periodic policy reviews, approvals, and communication across impacted teams.
  • Provide guidance and interpretation of policies and standards to technology and business teams.
• Technology Controls & Assurance:
  • Design, implement, and maintain technology control library aligned to policies, frameworks, and regulatory expectations (e.g., access management, change management, incident management, data protection, resilience, etc.).
  • Ensure critical systems and data are safeguarded, and controls are regularly reviewed for effectiveness and compliance.
  • Partner with Technology and Cybersecurity teams to remediate control gaps and strengthen the control environment.
  • Coordinate and support internal/external audits, control testing, and assurance activities.
  • Track issues, findings, and remediation plans to timely closure, escalating when necessary.
• Technology Risk Management:
  • Identify, assess, and monitor technology risks across applications, infrastructure, and services.
  • Develop and maintain technology risk registers, ensuring risks are clearly documented, assessed, and tracked to remediation.
  • Provide risk guidance for new initiatives, technology changes, and vendor engagements.
  • Support the definition and monitoring of risk appetite, key risk indicators (KRIs), and metrics.
• Regulatory Governance & Compliance:
  • Monitor relevant regulatory requirements, industry standards, and best practices related to technology risk (e.g., cybersecurity, operational resilience, data protection).
  • Support regulatory exams, inquiries, and responses for technology-related topics.
  • Translate regulatory expectations into practical control and process requirements for technology teams.
  • Prepare and deliver governance materials and risk reporting for senior management and governance forums/committees.
• Stakeholder Engagement & Governance Forums:
  • Partner with Technology, Cybersecurity, Compliance, Internal Audit, and Business stakeholders to align on risk priorities and remediation plans.
  • Prepare clear, concise reporting on technology risk posture, key issues, and trends for leadership.
  • Promote a risk-aware culture by providing training and guidance on technology risk, controls, and governance.

Qualifications

• Bachelor’s degree in Information Technology, Information Security, Risk Management, Business, or related field (or equivalent experience).
• Demonstrated experience (e.g., 4–8+ years) in technology risk management, IT audit, information security, technology controls, or related governance roles.
• Strong understanding of technology risk concepts and common frameworks (e.g., ISO 27001, NIST, COBIT, ITIL, or similar).
• Experience with technology control design, implementation, and testing.
• Knowledge of regulatory and compliance requirements related to technology and data (e.g., operational risk, data protection/privacy, cybersecurity, financial services regulations as applicable).
• Proven ability to develop and manage policies, standards, and procedures.
• Strong analytical, problem-solving, and documentation skills with attention to detail.
• Excellent communication skills, with the ability to explain complex risk and control topics to both technical and non-technical stakeholders.
• Ability to work independently and collaboratively in a fast-paced, matrixed environment.

Requirements

• Professional certifications such as CRISC, CISA, CISSP, CGEIT, or similar.
• Experience in a regulated industry (e.g., financial services, healthcare, utilities).
• Experience with GRC tools/platforms for risk, control, and issue management.
• Background supporting large-scale technology programs or transformation initiatives.

Benefits

• Comprehensive benefits package.
• Diverse workforce and inclusive environment.
• Two “Global Wellbeing Days” each year.
• Variety of working style solutions and flexibility.
• Continuous learning culture to inspire and equip employees.