Chief Technology And Operations Officer

Technology And Operations Officer

With a company culture rooted in collaboration, expertise, and innovation, we aim to promote progress and inspire our clients, employees, investors, and communities to achieve their greatest potential. Our work is the catalyst that helps others achieve their goals. In short, We Enable Possibility.

The Technology And Operations Officer (CTOO) position is a key hands-on leadership role at Arch LMI and a member of the Executive Committee. The CTOO is responsible for the leadership and management of Arch LMI's:

• Technology Function, (from a strategic direction); Change Management, Regulatory Requirements & Reporting, Data Collection, Quality & Monitoring, and Product Origination.
• Operations function, including QA Analysis, Line 1 Technology Risk and Line 1 Risk – CPS 230 / FAR.

The CTOO seeks to discharge their responsibilities consistently with Arch's global management structure, operating model, and governance, risk management, and control frameworks (including associated policies and procedures), as adopted by Arch and subject to complying with Australian legal and regulatory obligations.

The CTOO reports to the Chief Executive Officer (CEO) and has the following accountable functions:

• Operations
• Technology

The CTOO is a member of several committees:

• Board Risk Committee (standing invitee)
• Board Audit Committee (standing invitee)
• Board Technology Committee (standing invitee)
• Management Technology and Privacy Committee (Chair)
• Board Technology and Privacy Committee (Chair)
• Executive Committee (Member)
• Management Risk Committee (Member)

The CTOO has senior executive responsibility for the day-to-day management of the Accountable Function of Arch, which is comprised of the following functional areas:

• Operations & Business Transformation
• Business Platforms & Security

The CTOO has the following general responsibilities:

Leading the performance of the Accountable Function in line with the Board approved strategy, business plan, and risk appetite for Arch.

• Where the Accountable Person is the Chair of a management committee, leading the committee, facilitating the effective contribution of all committee members, approving committee agendas and ensuring adequate time is available for discussion of all agenda items.
• Where the Accountable Person is a member of a management committee, participating in discussions, constructively challenging when appropriate and contributing to recommendations for decisions by the relevant decision maker.
• Determining the organizational structure and internal governance arrangements for the Accountable Function.
• Overseeing the adequacy and appropriateness of staff reporting into the Accountable Person for the Accountable Function.
• Determining the delegated responsibilities of direct reports and supervising the discharge of those responsibilities.
• Monitoring the implementation of Arch’s people policies in the Accountable Function, including in relation to training and development, performance management, people development and hiring, workplace health and safety and performance evaluation.
• Supervising the completion of mandatory, ad hoc and specialist training by and development of staff in the Accountable Function.
• Supporting the implementation of Arch’s desired culture and values in the Accountable Function.
• Monitoring the implementation of the risk management framework and strategy in the Accountable Function, including the:
• Identification, assessment, mitigation, monitoring and reporting of risks and incidents,
• Implementation of risk management controls, resources and self-assurance processes to manage risks, and
• Escalation and remediation of risks and issues as appropriate to maintain the Accountable Function’s risk profile within the approved risk appetite.
• Operating the Accountable Function consistently with relevant laws and regulations as well as Arch’s policies and standards.
• Escalating and remediating compliance breaches by the Accountable Function in accordance with the Incident Management Policy.
• Leading the delivery of projects for which the Accountable Person is a project sponsor, including in relation to project governance, budgeting, time sensitivity, resourcing, and the achievement of project outcomes within the approved risk appetite.
• Supervising the delivery of project-related responsibilities allocated to the Accountable Function by other project sponsors.
• Monitoring the management of business continuity risks in the Accountable Function, including:
• Undertaking business impact analysis to identify critical business functions, resources and infrastructure, recovery objectives and implementation strategies,
• Implementing the Business Continuity Plan (BCP) in the event of a business disruption, and
• Supporting with periodic testing of the BCP where relevant to the Accountable Function.
• Monitoring the management of risks associated with, and the performance of service providers and outsourced activities required to support the activities of the Accountable Function in accordance with Arch’s Service Provider Management framework.
• Communicating the Accountable Function’s business objectives in relation to IT to the Technology team.
• Monitoring compliance with Arch’s IT policies in the Accountable Function, including in relation to user access, information and asset management, operational security and awareness, third party security and information security incident management.
• Monitoring the collection, processing, retention, publication, security and disposal of data in the Accountable Function consistently with the Arch’s data governance policies and procedures and applicable laws and regulations.
• Where staff in the Accountable Function perform critical business functions, monitoring whether staff have provided their periodic attestations as to the availability, suitability and effectiveness of the data related controls in the Accountable Function.
• Monitoring that staff in the Accountable Function undertake ongoing training and awareness sessions on privacy, retention and data governance practices.
• Reporting to the Board, Board Committees, CEO and Senior Management Team (SMT) (as appropriate) in relation the activities of the Accountable Function.
• Escalating and advising on material issues which are within the scope of the Accountable Person’s role to the Board, Board Committees, CEO and SMT (as appropriate).
• Communicating with regulators in accordance with the Business Code of Conduct and Regulatory Engagement Procedures (local).
• Maintaining an open, constructive and cooperative relationship with regulators and external auditors.

The Accountable Person has the following functional responsibilities in respect of the Accountable Function of Arch:

• Developing, maintaining and monitoring the implementation of the service provider management framework, incorporating requirements relating to:
• Assessment of service provider options, preparing a business case and undertaking due diligence; and
• Monitoring and supervising service provider performance, including their meeting of service level criteria, and escalating any material non-compliance or issues to the Board or regulators, as required.
• Developing Arch’s approach to preventing and mitigating consumer loss from scam scams and fraud.
• Developing and delivering Arch’s technology and information security strategy, consistently with the Board-approved strategy and business plan.
• Developing and monitoring the implementation of technology and information management (including information security) frameworks, policies and standards.
• Developing, maintaining and monitoring the implementation of Arch’s technology and information security risk and control framework.
• Reviewing, monitoring, and approving testing plans for technology to ensure the effectiveness of technology and systems, including the effectiveness of the control environment, and executing the closure of any resulting actions.
• Identifying, assessing, monitoring and escalating cyber security threats, as appropriate.
• Monitoring the delivery of IT services to Arch-by-Arch Capital Services LLC (“ACS”), an offshore entity within the Arch global group.
• Monitoring and reviewing the framework for delivering change into Arch’s technology environment, including for setting appropriate controls.
• Delivering requirements, monitoring, reviewing and approving changes to systems and infrastructure in relation to new regulatory requirements.
• Monitoring the delivering of technology projects according to financial and Group requirements.
• Reporting to regulators in relation to information technology (including security) and data incidents (including privacy), where required.
• Supervising the adequate resourcing of the IT function and advising on whether the function has sufficient information security capability, funding and staffing.
• Developing and monitoring the implementation of Arch’s data governance policies and data quality standards.
• Monitoring the closure of any data governance related actions.</li