IT Risk and Governance Manager

Aon

Poland, Poland · On-site · Full-time · 1mo ago

Aon sp. z o.o.

IT Risk & Governance Manager

Aon is in the business of better decisions

At Aon, we shape decisions for the better to protect and enrich the lives of people around the world.

As an organization, we are united through trust as one inclusive, diverse team, and we are passionate about helping our colleagues and clients succeed.

What the day will look like

Policy & Standards Management

Create, maintain, and govern technology policies, standards, and procedures in partnership with stakeholders.

Ensure documentation is current, consistent, and aligned to organizational risk appetite and regulatory requirements.

Drive periodic policy reviews, approvals, and communication across impacted teams.

Provide guidance and interpretation of policies and standards to technology and business teams.

Technology Controls & Assurance

Design, implement, and maintain technology control library aligned to policies, frameworks, and regulatory expectations (e.g., access management, change management, incident management, data protection, resilience, etc.).

Ensure critical systems and data are safeguarded, and controls are regularly reviewed for effectiveness and compliance.

Partner with Technology and Cybersecurity teams to remediate control gaps and strengthen the control environment.

Coordinate and support internal/external audits, control testing, and assurance activities.

Track issues, findings, and remediation plans to timely closure, escalating when necessary.

Technology Risk Management

Identify, assess, and monitor technology risks across applications, infrastructure, and services.

Develop and maintain technology risk registers, ensuring risks are clearly documented, assessed, and tracked to remediation.

Provide risk guidance for new initiatives, technology changes, and vendor engagements.

Support the definition and monitoring of risk appetite, key risk indicators (KRIs), and metrics.

Regulatory Governance & Compliance

Monitor relevant regulatory requirements, industry standards, and best practices related to technology risk (e.g., cybersecurity, operational resilience, data protection).

Support regulatory exams, inquiries, and responses for technology-related topics.

Translate regulatory expectations into practical control and process requirements for technology teams.

Prepare and deliver governance materials and risk reporting for senior management and governance forums/committees.

Stakeholder Engagement & Governance Forums

Partner with Technology, Cybersecurity, Compliance, Internal Audit, and Business stakeholders to align on risk priorities and remediation plans.

Prepare clear, concise reporting on technology risk posture, key issues, and trends for leadership.

Promote a risk-aware culture by providing training and guidance on technology risk, controls, and governance.

Skills and experience that will lead to success

Required:

Bachelor’s degree in Information Technology, Information Security, Risk Management, Business, or related field (or equivalent experience).

Demonstrated experience (e.g., 4–8+ years) in technology risk management, IT audit, information security, technology controls, or related governance roles.

Strong understanding of technology risk concepts and common frameworks (e.g., ISO 27001, NIST, COBIT, ITIL, or similar).

Experience with technology control design, implementation, and testing.

Knowledge of regulatory and compliance requirements related to technology and data (e.g., operational risk, data protection/privacy, cybersecurity, financial services regulations as applicable).

Proven ability to develop and manage policies, standards, and procedures.

Strong analytical, problem-solving, and documentation skills with attention to detail.

Excellent communication skills, with the ability to explain complex risk and control topics to both technical and non-technical stakeholders.

Ability to work independently and collaboratively in a fast-paced, matrixed environment.

Preferred (nice to have):

Professional certifications such as CRISC, CISA, CISSP, CGEIT, or similar.

Experience in a regulated industry (e.g., financial services, healthcare, utilities).

Experience with GRC tools/platforms for risk, control, and issue management.

Background supporting large-scale technology programs or transformation initiatives.

How we support our colleagues

In addition to our comprehensive benefits package, we encourage a diverse workforce.

Plus, our agile, inclusive environment allows you to manage your wellbeing and work/life balance, ensuring you can be your best self at Aon.

Furthermore, all colleagues enjoy two “Global Wellbeing Days” each year, encouraging you to take time to focus on yourself.

We offer a variety of working style solutions, but we also recognise that flexibility goes beyond just the place of work... and we are all for it.

We call this Smart Working!

Our continuous learning culture inspires and equips you to learn, share and grow, helping you achieve your fullest potential.

As a result, at Aon, you are more connected, more relevant, and more valued.

Aon values an innovative, diverse workplace where all colleagues feel empowered to be their authentic selves.

Aon is proud to be an equal opportunity workplace.

Aon provides equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, creed, sex, sexual orientation, gender identity, national origin, age, disability, veteran, marital, domestic partner status, or other legally protected status.

We welcome applications from all and provide individuals with disabilities with reasonable adjustments to participate in the job application, interview process and to perform essential job functions once onboard.

If you would like to learn more about the reasonable accommodations we provide, email Reasonable Accommodations@Aon.com

Please attach CV in English only.

#technologyandsecurity

# 2573728

About Aon

Aon (Public)

Aon is a global professional services firm that provides risk management, insurance brokerage, and human resources consulting services. The company serves clients across various industries with data-driven insights and advisory services.

Employees: 10,001+

Headquarters: Dublin

Valuation: $43B

Reviews

3.8 (10 reviews)

Work-life balance: 3.2

Compensation: 3.5

Culture: 4.1

Career: 3.4

Management: 3.7

65% recommend to a friend

Pros

Supportive management and leadership

Great team culture and friendly coworkers

Excellent health benefits and retirement plans

Cons

Heavy workload and frequent overtime

Non-competitive salaries

Communication issues between teams

Salary Ranges

0 data points

Intern · Actuary (0 reports)

$73,616 total per year (Base: -, Stock: -, Bonus: -)

$62,572 – $84,660