With a company culture rooted in collaboration, expertise and innovation, we aim to promote progress and inspire our clients, employees, investors and communities to achieve their greatest potential. Our work is the catalyst that helps others achieve their goals. In short, We Enable Possibility℠.
JOB SUMMARY
Arch Financial Holdings Australia Pty Ltd and its subsidiaries (“Arch LMI”) are an APRA-licensed provider of Lenders Mortgage Insurance (“LMI”). ALMI is a subsidiary of Arch Capital Group Ltd (“ACGL”), which is an S&P 500 global provider of insurance and reinsurance across a variety of product lines. The Technology and Operations Officer (“CTOO”) position is a key hands-on leadership role at Arch LMI and a member of the Executive Committee. The CTOO is responsible for the leadership and management of Arch LMI’s:
- Technology Function (from a strategic direction); Change Management, Regulatory Requirements & Reporting, Data Collection, Quality & Monitoring, and Product Origination.
- Operations function, including QA Analysis, Line 1 Technology Risk and Line 1 Risk – CPS 230 / FAR.
The details of the CTOO’s Job Description are consistent with Arch’s Accountability statement required under the Financial Accountability Regime Act 2023 (Cth) (FAR Act).
Limitations & exclusions of responsibility
- The CTOO seeks to discharge their responsibilities consistently with Arch’s global management structure, operating model and governance, risk management and control frameworks (including associated policies and procedures), as adopted by Arch and subject to complying with Australian legal and regulatory obligations.
- The responsibilities related to the key functions allocated to the Accountable Person are as described in this Job description and not as described in Attachment B to the Financial Accountability Regime Act (Information for Register) Regulator Rules 2024 (Cth).
Accountable person details
Reports to: Chief Executive Officer (CEO)
Accountable Function
- Operations, and
- Technology.
Board Committee Memberships
AFHA, Arch Indemnity and Arch LMI:
- Board Risk Committee (standing invitee),
- Board Audit Committee (standing invitee), and
- Board Technology Committee (standing invitee).
Executive Committee Memberships
Chair of:
- Management Technology and Privacy Committee, and
- Board Technology and Privacy Committee.
Member of:
- Executive Committee, and
- Management Risk Committee.
Responsibilities under s10(1) and 10(6) of the FAR Act
The Accountable Person has senior executive responsibility for the day-to-day management of the Accountable Function of Arch, which is comprised of the following functional areas:
- Operations and business transformation, and
- Business Platforms and security.
Responsibilities under s10(2) and 10(3) of the FAR Act as prescribed under the Minister rules
In respect of AFHA and Arch Indemnity, senior executive responsibility for management or control of:
- Operations,
- Data management, and
- Technology management.
Key functions
- Operational risk management,
- Technology and Digital, and
- Scam management.
DETAILED RESPONSIBILITIES OF THE ACCOUNTABLE PERSON
The part or aspect of the operations of the accountable entity or SRE which the accountable person has actual or effective responsibility for management or control (s33(a)(i) of the FAR Act):
The Accountable Person has senior executive responsibility for the day-to-day management of the Accountable Function of Arch, which is comprised of the following functional areas:
- Operations & Business Transformation, and
- Business Platforms & Security.
General responsibilities
The Accountable Person has the following general management responsibilities in respect of the Accountable Function of Arch, to the extent they are relevant to the activities of the Accountable Function:
Strategy and business plan
Leading the performance of the Accountable Function in line with the Board approved strategy, business plan and risk appetite for Arch.
Organisational structure and governance
- Where the Accountable Person is the Chair of a management committee, leading the committee, facilitating the effective contribution of all committee members, approving committee agendas and ensuring adequate time is available for discussion of all agenda items.
- Where the Accountable Person is a member of a management committee, participating in discussions, constructively challenging when appropriate and contributing to recommendations for decisions by the relevant decision maker.
- Determining the organisational structure and internal governance arrangements for the Accountable Function.
People and culture
- Overseeing the adequacy and appropriateness of staff reporting into the Accountable Person for the Accountable Function.
- Determining the delegated responsibilities of direct reports and supervising the discharge of those responsibilities.
- Monitoring the implementation of Arch’s people policies in the Accountable Function, including in relation to training and development, performance management, people development and hiring, workplace health and safety and performance evaluation.
- Supervising the completion of mandatory, ad hoc and specialist training by and development of staff in the Accountable Function.
- Supporting the implementation of Arch’s desired culture and values in the Accountable Function.
Risk management and culture
Monitoring the implementation of the risk management framework and strategy in the Accountable Function, including the:
- Identification, assessment, mitigation, monitoring and reporting of risks and incidents,
- Implementation of risk management controls, resources and self-assurance processes to manage risks, and
- Escalation and remediation of risks and issues as appropriate to maintain the Accountable Function’s risk profile within the approved risk appetite.
Compliance
- Operating the Accountable Function consistently with relevant laws and regulations as well as Arch’s policies and standards.
- Escalating and remediating compliance breaches by the Accountable Function in accordance with the Incident Management Policy.
Operational risk
- Leading the delivery of projects for which the Accountable Person is a project sponsor, including in relation to project governance, budgeting, time sensitivity, resourcing, and the achievement of project outcomes within the approved risk appetite.
- Supervising the delivery of project-related responsibilities allocated to the Accountable Function by other project sponsors.
- Monitoring the management of business continuity risks in the Accountable Function, including:
- Undertaking business impact analysis to identify critical business functions, resources and infrastructure, recovery objectives and implementation strategies,
- Implementing the Business Continuity Plan (BCP) in the event of a business disruption, and
- Supporting with periodic testing of the BCP where relevant to the Accountable Function.
- Monitoring the management of risks associated with, and the performance of service providers and outsourced activities required to support the activities of the Accountable Function in accordance with Arch’s Service Provider Management framework.
Information technology and security (including cyber security)
- Communicating the Accountable Function’s business objectives in relation to IT to the Technology team.
- Monitoring compliance with Arch’s IT policies in the Accountable Function, including in relation to user access, information and asset management, operational security and awareness, third party security and information security incident management.
Data management
- Monitoring the collection, processing, retention, publication, security and disposal of data in the Accountable Function consistently with Arch’s data governance policies and procedures and applicable laws and regulations.
- Where staff in the Accountable Function perform critical business functions, monitoring whether staff have provided their periodic attestations as to the availability, suitability and effectiveness of the data related controls in the Accountable Function.
- Monitoring that staff in the Accountable Function undertake ongoing training and awareness sessions on privacy, retention and data governance practices.
Reporting, escalation and advice
- Reporting to the Board, Board Committees, CEO and Senior Management Team (SMT) (as appropriate) in relation to the activities of the Accountable Function.
- Escalating and advising on material issues which are within the scope of the Accountable Person’s role to the Board, Board Committees, CEO and SMT (as appropriate).
Regulatory engagement
- Communicating with regulators in accordance with the Business Code of Conduct and Regulatory Engagement Procedures (local).
- Maintaining an open, constructive and cooperative relationship with regulators and external auditors.
Functional responsibilities
The Accountable Person has the following functional responsibilities in respect of the Accountable Function of Arch:
Service provider management
Developing, maintaining and monitoring the implementation of the service provider management framework, incorporating requirements relating to:
- Assessment of service provider options, preparing a business case and undertaking due diligence; and
- Monitoring and supervising service provider performance, including their meeting of service level criteria, and escalating any material non-compliance or issues to the Board or regulators, as required.
Scams management
Developing Arch’s approach to preventing and mitigating consumer loss from scams and fraud.
IT Strategy, information management and IT Frameworks
- Developing and delivering Arch’s technology and information security strategy, consistently with the Board-approved strategy and business plan.
- Developing and monitoring the implementation of technology and information management (including information security) frameworks, policies and standards.
- Developing, maintaining and monitoring the implementation of Arch’s technology and information security risk and control framework.
- Reviewing, monitoring, and approving testing plans for technology to ensure the effectiveness of technology and systems, including the effectiveness of the control environment, and executing the closure of any resulting actions.
- Identifying, assessing, monitoring and escalating cyber security threats, as appropriate.
- Monitoring the delivery of IT services to Arch by Arch Capital Services LLC (“ACS”), an offshore entity within the Arch global group.
Technology change management
Monitoring and reviewing the framework for delivering change into Arch’s technology environment, including for setting appropriate controls.
- Delivering requirements, monitoring, reviewing and approving changes to systems and infrastructure in relation to new regulatory requirements.
- Monitoring the delivery of technology projects according to financial and Group requirements.
Supporting regulatory reporting
Reporting to regulators in relation to information technology (including security) and data incidents (including privacy), where required.
Sufficient resourcing of the IT function
Supervising the adequate resourcing of the IT function and advising on whether the function has sufficient information security capability, funding and staffing.
Data collection, quality, management, monitoring and controls
- Developing and monitoring the implementation of Arch’s data governance policies and data quality standards.
- Monitoring the closure of any data governance related actions.
- Leading Arch’s data engineering practice which undertakes data related activities, including data cleansing and extraction.
BCP Management Policy
Developing and maintaining the BCP Management Policy and underlying plans.
Project Management Policy
Developing, maintaining and monitoring the implementation of Arch’s Product Management Policy.
Job Specifications
Knowledge & Skills:
1. Skilled in client transitions to new IT infrastructure, owning the process and ensuring compliance with all regulatory needs.
2. Skilled in navigating and delivering on major technology transition plans to clients.
3. Knowledgeable in technology platforms.
4. Skilled in assessing and implementing new technologies including being skilled in evaluating emerging technologies and determining their potential impact on the business.
5. Strong project management skills and demonstrated ability to deliver results under tight deadlines and competing objectives.
6. Intellectually curious with strong analytical skills to assess complex data.
7. Excellent communication skills in written and verbal formats; ability to address a broad range of audiences including senior management, regulators, rating agencies, external auditors and technical experts.
8. Proven ability to work with and handle personal and confidential information with absolute discretion.
9. Credibility among industry peers.
10. Focus on client and customer service.
11. Strong interpersonal skills and willingness / ability to function as a member of a multi-disciplined, international team.
12. Unquestionable integrity and moral compass.
13. A flexible, ‘can-do’ attitude, happy to do whatever is needed to achieve collective success.
14. Strong experience in understanding the APRA regulatory obligations, including FAR, CPS 230, and CPS 234.
Education & Experience:
1. Bachelor’s qualification in Computer Sciences
2. Masters in Computer Sciences or MBA desirable
3. 15 years of relevant experience leading and supporting global scale digital and technology programs in insurance, banking and capital market industries.
4. Good understanding of regulatory requirements (APRA, ASIC, ATO etc.).
5. Experience in a leadership role dealing with multiple stakeholders (including board directors, regulators, investors, group finance functions and auditors).
6. IFRS, US GAAP, Board and APRA Reporting.
7. FAR, CPS 230.
Working Conditions / Environment & Physical Demands
1. Normal office environment - The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations will be made to enable qualified individuals with disabilities to perform the essential functions of the job.
2. Attendance / Punctuality - Is consistently at work and on time. Willing to periodically work hours to accommodate other time zones. Ensures work responsibilities are covered when absent.
3. Hybrid work schedule.
4. Occasional domestic and international travel is required.
Disclaimer
Incumbent may be asked to perform other duties as required.
15800 Arch LMI Pty Ltd