IT Governance Manager

ref ID: 247


Section: Support functions


About First Actuarial

First Actuarial has been around since 2004, when a small group of like-minded actuaries came together to bring fresh thinking to pensions consultancy. Two decades later, we’re celebrating our 20th anniversary with events at all our six offices. It’s a great time to be part of First Actuarial. Following last year’s 20% revenue increase, our strong growth path has continued into this year, and we now employ around 500 people in the UK.
We’re still an independent business with no chargeable hours targets, giving our people the time to deliver their best work and excel. We shape our high-quality services by listening closely to our clients’ needs. And we price those services fairly.
As we develop our business, prospects for our people grow. Our Basingstoke, Leeds, Manchester, Peterborough, London and Tonbridge offices provide supportive work environments where everyone can make a difference. We enjoy work and celebrate our successes. And we provide support and helpful feedback so we all learn and improve.
We love numbers, but we love people more. Staff wellbeing and work-life balance have always been core values. Beyond the firm, we’re known for our integrity. We’re happy to challenge conventional thinking and speak up. Our pioneering work is set to transform the lives of millions of younger people with a new type of pension.

Purpose of Role

To support the growth of the firm we are looking for an IT Governance Manager who will serve as a key liaison between the IT and Compliance teams, ensuring that technology initiatives and operations align with regulatory requirements, industry best practices, as well as business objectives and the firm’s risk appetite.
You will report to the Head of Compliance but will work closely with and provide challenge to the Head of IT and wider IT Team in meeting the needs of the business.
You will be fully supported in your development within the team and firm, through training with experienced team members within Compliance and IT and support for any relevant professional qualifications.

Key Accountabilities

Governance, Risk and Compliance

• Develop, maintain and report on IT governance frameworks, policies, and procedures in compliance with regulatory and legal requirements.
• Responsibility for maintaining the firm’s ISO27001 accreditation. This will include maintenance and continual improvement of all ISO27001 documentation and controls, managing the internal audit plan, liaising with internal auditors and ISO reps, completing internal audits, planning and co-ordinating external audits and following up on all audit-related actions.
• Promote adherence to IT security policies and standards to protect sensitive pension scheme data, in particular supporting the firm in meeting its GDPR and data retention requirements.
• Conduct periodic risk assessments and audits to ensure that IT systems and processes comply with regulatory requirements and industry best practices.
• Act as a point of contact for IT risk-related issues, working closely with internal and external stakeholders to resolve risks.
• Provide guidance and documentation for client control assessments and complete questionnaires.
• Understand the IT aspects of the firm’s risk register, with oversight of owners, deadlines and closure of risks.

Strategic Planning & Reporting

• Collaborate with senior management to ensure IT governance strategies align with the overall business objectives of the firm.
• Prepare and present reports on IT governance, compliance, and risk management to the Management Board and senior leadership.
• Support the firm in achieving new IT accreditations, from initial evaluation through to implementation, e.g. ISO27701.

Training & Awareness

• Provide guidance and training to staff on IT governance, regulatory compliance, and risk management.
• Promote a culture of awareness regarding IT governance best practices across the organisation.

Supplier Management

• Oversee the IT aspects of all third-party suppliers to ensure compliance with IT governance policies.
• Work closely with central teams to evaluate supplier risks and ensure contracts include adequate IT governance clauses.

Incident Management

• Support the incident response process by ensuring IT governance considerations are addressed during any security incidents or breaches.
• Ensure that any incidents are captured and resolved through the wider ISO logging and improvement process.
• Work with relevant teams to investigate and report on incidents, ensuring compliance with legal and regulatory obligations.

Person Specification

Skills and experience


• Proven experience (5+ years) in IT governance, risk management, or compliance, preferably within the financial services or pensions industry
• Experience working with IT governance frameworks such as ISO27001, Cyber Essentials and NIST.
• Knowledge of IT systems, networks, and security protocols, and an understanding of how they impact the pensions sector
• Evidence of writing accessible policies and procedures and delivering training
• Experience with compliance auditing and risk management tools and methodologies
• A good understanding of the IT implications of GDPR.


Education & Certifications


• Bachelor’s degree in Information Technology, Business Administration, or related field (or equivalent experience).
• Relevant IT governance and ISO audit certifications / qualifications.

Personal Attributes

• Excellent communication skills, with the ability to engage with technical and non-technical stakeholders to drive change across the organisation.
• Detail-oriented with the ability to manage multiple priorities simultaneously.
• The role will benefit from a high degree of autonomy to work with business areas and central functions to improve or implement processes, where required. This will suit someone who is comfortable working independently to achieve agreed deliverables with little supervision.


Desirable Experience:


• Strong knowledge of the pensions industry, including relevant regulations (e.g., TPR guidelines, GDPR, FCA regulations).
• Experience in working with pensions administration software or platforms.
• Familiarity with the UK pensions regulatory environment, including DC (Defined Contribution) and DB (Defined Benefit) schemes.
• Knowledge of cybersecurity trends and threat landscapes, particularly relevant to the financial sector.

What we offer you

We’ll actively support you as you build your career – and reward you for doing so. At every level of seniority, we offer:


● A competitive remuneration package, including bonus and profit-sharing payments
● Private health insurance, life insurance and income protection insurance
● 25 days annual leave as standard, increasing with length of service, an extra day at Christmas, plus bank holidays and the option to purchase additional holidays
● A non-contributory pension
● Full training and study support.


We have hybrid working in place for colleagues who prefer home-working for part of the week. We’re also flexible on working day arrangements and will happily accommodate a range of personal commitments from day one.


Our straightforward, interview-based approach to recruitment ensures equal opportunities for all applicants.


Please note that we can only accept candidates who have a right to work in the UK.


Apply now with covering letter and CV
