Sr. Governance Analyst

Posted:
6/2/2024, 5:00:00 PM

Location(s):
Virginia, United States ⋅ Richmond, Virginia, United States

Experience Level(s):
Senior

Field(s):
IT & Security

Workplace Type:
Hybrid

What part will you play? If you’re looking for a place where you can make a meaningful difference, you’ve found it. Because, at Markel, the work you do gives people the confidence to move forward and seize opportunities. Whether you’re wild about horses, bananas for boats or driven by data, you’ll find your fit amongst our global community of optimists and problem-solvers. We’re always pushing each other to go further because we believe that when we realize our potential, we can help others reach theirs.
Join us and play your part in something special!

Markel is seeking a Senior IT Governance Analyst who will help lead the effort to ensure that all key Global IT processes and system controls are well-designed, promote transparency and enable continuous improvement. The IT GRC team is a Line 1 Risk Defense team that supports IT service owners and IT leadership around the world. The IT GRC team also regularly interacts with Enterprise Risk Management, Internal Audit, and Global Security.

This position will be responsible for helping to enhance the IT GRC framework and procedures to help IT maintain an effective control environment, and to continue to foster a risk-aware culture. This will be demonstrated by measurable outcomes showing improvement in the overall quality of operational effectiveness through consistent and quantifiable processes, and improved IT staff awareness and expertise of their risk and control environment.

Risk Assessment and Management

  • Perform risk assessments according to the IT GRC plan and procedures. This requires being willing to ask provocative questions and use analytical skill to analyze potential residual risk. 

  • Perform Project risk guidance to ensure projects have considered applicable risks. Assist project and support teams in identifying, implementing, and documenting internal controls to support new services as a part of go live readiness. 

  • Execute ad-hoc risk analysis on urgent areas of concern. This often requires working across multiple areas within the company to evaluate the risk, root-cause, and potential solutions. 

  • Uses consistent processes for identifying potential risk events, quantifying, and documenting the probability of occurrence and the impact on the business.  

  • Collects and collates evidence as part of a formally conducted and planned review of activities, processes, products or services. Examines records as part of specified testing strategies for evidence of compliance with management directives, or the identification of abnormal occurrences.

  • Refers to domain experts for guidance on specialized areas of risk, such as architecture and environment. 

  • Coordinates the development of countermeasures and contingency plans. 

Quality Management and Audit

  • Advises on the application of appropriate quality management techniques and standards. 

  • Ensures that projects, teams, and functions have appropriate practices in place and are meeting required organizational quality levels.  

  • Determines, from analyzing audit findings, areas where existing processes should change.

  • Takes responsibility for controlling, updating, and distributing organizational standards. 

  • Facilitates improvements to processes by changing approaches and working practices, typically using recognized models. 

  • Provides advice and guidance in the use of organizational standards. Performs quality assurance reviews of suppliers and throughout the supply chain. 

  • Conducts formal audits or reviews to ensure compliance with organizational standards for activities, processes, data, products, or services.  

  • Leverages experience to drive improvements to the overall quality of operational effectiveness through repeatable, measurable processes. 

Governance Processes and Reporting

  •  Provides guidance and suggestions for improved governance processes to achieve strategic operational objectives. 

  • For projects, development, or support activities, plans, organizes, and conducts audits and determines whether appropriate quality control has been applied.

  • Assists in the development of new or improved practices and organization processes or standards. Facilitates localized improvements to the quality of systems or services.

  • Develop or enhance policies and related procedures for evaluating risk, establishing, and maintaining an effective system of internal control. 

  • Collates, collects, and examines records, analyses the evidence, and drafts all or part of formal compliance reports.  

  • Determines the risks associated with findings and non-compliance and proposes corrective actions.  

  • Assist in the creation of reporting dashboards by producing metrics and key risk indicators data. 

  • Help maintain our risk and control inventory within the AuditBoard tool. 

  • Maintain knowledge of industry regulations and risk best practices 

Information and Records Management

  • Ensures implementation of information and records management policies and standard practice.  

  • Ensures effective controls are in place for internal delegation, audit and control relating to information and records management.  

  • Assesses and manages risks around the use of information.  

  • Provides reports on the consolidated status of information controls to inform effective decision making.  

  • Recommends remediation actions as required 

  • Ensures that information is presented effectively. 

Partnership and Support

  • Partners with IT Service Owners to improve awareness and expertise of their risk and control environments. 

  • Provide audit support for IT Service Owners and function as a centralized point of contact for Internal and External audit requests. 

  • Conducts formal reviews of activities, processes, products, or services.  

  • Collects, collates, and examines records as part of specified testing strategies for evidence of compliance with management directives, or the identification of abnormal occurrences.  

  • Analyses evidence collated and drafts part or all formal reports commenting on the conformance found to exist in the reviewed part of an information systems environment. 

  • Assist with special projects relating to other initiatives as assigned. 

  • Partners with and provides expertise to other related governance functions within Markel, such as Global Security Services, Service Management, Internal Audit and Enterprise Risk Management to ensure key internal controls are in place and operating as intended. 

  • Build, develop, and maintain strong business relationships with business and technology partners. 

Education 

  • Required - bachelor’s degree in business management, Accounting, Computer Science, Information Systems, other related field, or equivalent experience. 

  • Preferred - master’s degree in information systems or business administration.

Certification 

  • One or more of the following certifications:  

  • Certified Public Accountant (CPA), Certified Information Systems Auditor (CISA), Certified Risk Information System Control (CRISC), Certified Information Systems Manager (CISM), or Certified Information Systems Security Professional (CISSP). 

  • Certification in IT and business governance frameworks such as COBIT, ITIL, NIST, Secure Control Frameworks a plus 

  • Insurance certifications or affiliation with industry group a plus

Work Experience 

  • Minimum of 5 years’ experience with IT audit concepts, risk/control evaluation, process analysis, audit opinion preparation, audit research, and process testing. 

  • Prior experience in IT GRC, Risk Management, IT Audit (preferably Big 4 Audit firm experience), or Security 

  • Experience with COBIT, ITIL, NIST, Secure Control Frameworks preferred. 

  • Experience in AuditBoard and/or other GRC tools preferred. 

  • Experience building relationships and being seen as a trusted partner to IT and business partners.

  • Prior experience in vendor management risk analysis and governance 

  • Willing to voice opinions and offer proposed solutions. 

  • Comfortable working in a matrixed environment and managing various competing priorities. 

  • Insurance industry background preferred. 

Skill Sets 

  • Excellent written and oral communication skills 

  • A great communicator who can articulate governance issues in plain language based on audience. 

  • Delivery of high-quality presentations  

  • Strong organization and time management skills 

  • Strong analytical and critical thinking skills. 

  • Strong collaborator 

  • Flexibility and attention to details 

  • Strong desire for continuous improvement 

  • The ability to influence without authority. 

  • Intermediate skills in Microsoft Office products (Excel, Outlook, Visio, Word) 

 

Must be authorized to work in the U.S., and not require sponsorship now or in the future.

 

Who we are:

Markel Group (NYSE – MKL), a Fortune 500 company with over 60 offices in 20+ countries, is a holding company for insurance, reinsurance, specialist advisory and investment operations around the world.

We’re all about people | We win together | We strive for better

We enjoy the everyday | We think further

What’s in it for you:

In keeping with the values of the Markel Style, we strive to support our employees in living their lives to the fullest at home and at work. 

  • We offer competitive benefit programs that help meet our diverse and changing environment as well as support our employees’ needs at all stages of life. 
  • All full-time employees have the option to select from multiple health, dental and vision insurance plan options and optional life, disability, and AD&D insurance. 
  • We also offer a 401(k) with employer match contributions, an Employee Stock Purchase Plan, PTO, corporate holidays and floating holidays, and parental leave.
  • Markel offers hybrid working schedules of 3 days in the office and 2 days remote.  

Are you ready to play your part?

Choose ‘Apply Now’ to fill out our short application, so that we can find out more about you.

The base salary offered for the successful candidate will be based on compensable factors such as job-relevant education, job-relevant experience, training, licensure, demonstrated competencies, geographic location, and other factors. 

Caution: Employment scams

Markel is aware of employment-related scams where scammers will impersonate recruiters by sending fake job offers to those actively seeking employment in order to steal personal information. Frequently, the scammer will reach out to individuals who have posted their resume online. These "job offers" include convincing offer letters and frequently ask for confidential personal information. Therefore, for your safety, please note that:

  • All legitimate job postings with Markel will be posted on Markel Group Careers. No other URL should be trusted for job postings.
  • All legitimate communications with Markel recruiters will come from Markel.com email addresses.

We would also ask that you please report any job employment scams related to Markel to [email protected].

Markel is an equal opportunity employer. We do not discriminate or allow discrimination on the basis of any protected characteristic. This includes race; color; sex; religion; creed; national origin or place of birth; ancestry; age; disability; affectional or sexual orientation; gender expression or identity; genetic information, sickle cell trait, or atypical hereditary cellular or blood trait; refusal to submit to genetic tests or make genetic test results available; medical condition; citizenship status; pregnancy, childbirth, or related medical conditions; marital status, civil union status, domestic partnership status, familial status, or family responsibilities; military or veteran status, including unfavorable discharge from military service; personal appearance, height, or weight; matriculation or political affiliation; expunged juvenile records; arrest and court records where prohibited by applicable law; status as a victim of domestic or sexual violence; public assistance status; order of protection status; status as a smoker or nonsmoker; membership or activity in local commissions; the use or nonuse of lawful products off employer premises during non-work hours; declining to attend meetings or participate in communications about religious or political matters; or any other classification protected by applicable law. 

Should you require any accommodation through the application process, please send an e-mail to the [email protected].