IT Risk Assessment and Controls Assurance Specialist
Banking
Hybrid: Central London 2-3 days per week
6 months
£675 - £695 per day
In short: We need an IT Risk and Controls SME to build out a new Risk framework for IT tech across the bank. There are gaps identified within IT that require remediation to ensure we achieve regulatory compliance.
In full:
BACKGROUND
This new role forms a key part of the Technology Risk Management function, supporting the Head of Technology Risk. The role holder will form a crucial component in the establishment of an enhanced risk management framework and beyond that identify and assess potential risks across Technology, as well as ensuring a comprehensive approach to risk mitigation.
RESPONSIBILITY
- Technology Risk Taxonomy & Register: Identify the Technology risks faced by the organisation that give rise to potential disruptions, failures, or adverse impacts on business processes arising from the use, adoption or reliance on technology including hardware, software, networks and information systems.
- RCSA Process : Provide support to both Operation Risk and the Business in identifying their key risks and assessment of the effectiveness of the key controls, enabling them to understand the risk in pursuing their strategic and business objectives and the overall risk profile.
- Controls Assurance Testing : Provide oversight and challenge to the business as part of their evaluation of the design and operation of their controls to ensure they are functioning as intended to mitigate risks.
- Risk Scenario Analysis and Monitoring : Provide input into the identification, development, testing and remedial actions of risk scenarios that could pose potential threats to the organisation's continuity.
- Risk Acceptance and Exceptions : Review and approve (or decline) exception requests submitted where there is anticipated non-compliance with a control, standard or policy.
- Risk Register Monitoring : Maintain and update a register of Technology-related risk events, incidents, audit findings, exceptions, etc. Work with responsible areas to assess these, develop action plans, identify owners and track through to completion.
- Continuous Controls Monitoring: Drive the implementation and embedding of ongoing (and where possible automated) assessment of control effectiveness by the business to provide real-time insights.
- Critical Vendor Monitoring: Review the outputs of the Third-Party Risk Management (TPRM) process to understand the due diligence results of critical 3rd party vendors and what risks they may pose to the organisation.
- Technology & Intragroup Reporting: Produce a suite of metrics for inclusion in the various Technology meetings/ forums/ reports as required.
- Third Party Risk Management (TPRM) Due Diligence : Work closely with TPRM to identify, monitor and report on the technology risk related aspects of Technology provided to the organisation by third parties.
- Third Party Risk Management (TPRM) Reporting: Develop specific metrics relating to the risk exposure of 3rd party technology providers in its suite of metrics to ensure the risk position is understood.
KNOWLEDGE
The post holder will be expected to demonstrate:
1. Attention to Detail: Meticulous attention to detail is crucial for accurately managing open audit points, helping to document audit actions, and accurately track and report on the status of management actions.
2. Organisational Skills: Strong organisational skills are necessary to effectively coordinate audit schedules, manage documentation, and prioritise tasks across the IT Department.
3. Time Management: Excellent time management skills are essential for managing multiple audit engagements, meeting deadlines, and ensuring the smooth progression of audit activities.
4. Communication Skills: Clear and concise communication skills are vital for effectively liaising with internal and external stakeholders, conveying audit-related information, and facilitating collaboration across the IT Department.
5. Analytical Skills: Basic analytical skills are beneficial for analysing audit data, identifying trends, and generating insights to support audit reporting and decision-making processes within the Technology domain.
6. Adaptability: Ability to adapt to changing priorities, audit requirements, and work effectively in a dynamic and fast-paced environment.
7. Confidentiality: Demonstrated ability to handle sensitive information with discretion and maintain confidentiality in accordance with organisational policies.
8. Proficiency in Office Software: Proficiency in Microsoft Office Suite (Word, Excel, PowerPoint, Outlook) and other relevant software applications for document management, data entry, and reporting.
9. Technology Knowledge: Work towards a detailed understanding of Technology and cyber risk frameworks (e.g. NIST / ISO27001 / COBIT / ITIL).
Candidates will ideally show evidence of the above in their CV in order to be considered.
Please be advised if you haven't heard from us within 48 hours then unfortunately your application has not been successful on this occasion, we may however keep your details on file for any suitable future vacancies and contact you accordingly. Pontoon is an employment consultancy and operates as an equal opportunities employer.