£650/day to £668/day
City of London, England
Contract, Variable

IT Risk Assessment and Controls Assurance Specialist

Posted by Qualserv Consulting.

IT Risk Assessment and Controls Assurance Specialist

6 Month Contract

Based in London - 3 Days a week on site, 2 Days Remote

Day Rate up to £668 PD Inside IR35, VIA Umbrella

Key Skills

  • Tech Risk - tech resilience
  • DORA knowledge Essential - The manager may now be willing to flex (i'm happy with a detailed tech risk person)
  • Broad tech background
  • Understand key tech processes
  • Tech incident mgt, change mgt, sdlc, asset mgt - + key components
  • NOT cyber role
  • FS background

Feedback Received to Date

  • They need to have a specific technology risk background - they have either been general operational risk folks or cyber risk folks
  • DORA experience is useful, but it's the basics of technology risk that have also been missing

BACKGROUND

This new role forms a key part of the Technology Risk Management function, supporting the Head of Technology Risk. The role holder will form a crucial component in the establishment of an enhanced risk management framework and beyond that identify and assess potential risks across Technology, as well as ensuring a comprehensive approach to risk mitigation.

RESPONSIBILITY

  • Technology Risk Taxonomy Register: Identify the Technology risks faced by the organization that give rise to potential disruptions, failures, or adverse impacts on business processes arising from the use, adoption or reliance on technology including hardware, software, networks and information systems.
  • RCSA Process : Provide support to both Operation Risk and the Business in identifying their key risks and assessment of the effectiveness of the key controls, enabling them to understand the risk in pursuing their strategic and business objectives and the overall risk profile.
  • Controls Assurance Testing : Provide oversight and challenge to the business as part of their evaluation of the design and operation of their controls to ensure they are functioning as intended to mitigate risks.
  • Risk Scenario Analysis and Monitoring : Provide input into the identification, development, testing and remedial actions of risk scenarios that could pose potential threats to the organization's continuity.
  • Risk Acceptance and Exceptions : Review and approve (or decline) exception requests submitted where there is anticipated non-compliance with a control, standard or policy.
  • Risk Register Monitoring : Maintain and update a register of Technology-related risk events, incidents, audit findings, exceptions, etc. Work with responsible areas to assess these, develop action plans, identify owners and track through to completion.
  • Continuous Controls Monitoring: Drive the implementation and embedding of ongoing (and where possible automated) assessment of control effectiveness by the business to provide real- time insights.
  • Critical Vendor Monitoring: Review the outputs of the Third-Party Risk Management (TPRM) process to understand the due diligence results of critical 3rd party vendors and what risks they may pose to the organization.
  • Technology Intragroup Reporting: Produce a suite of metrics for inclusion in the various Technology meetings/ forums/ reports as required.
  • Third Party Risk Management (TPRM) Due Diligence : Work closely with TPRM to identify, monitor and report on the technology risk related aspects of Technology provided to the organization by third parties.
  • Third Party Risk Management (TPRM) Reporting: Develop specific metrics relating to the risk exposure of 3rd party technology providers in its suite of metrics to ensure the risk position is understood.

KNOWLEDGE

The post holder will be expected to demonstrate:

  • Attention to Detail: Meticulous attention to detail is crucial for accurately managing open audit points, helping to document audit actions, and accurately track and report on the status of management actions.
  • Organisational Skills: Strong organisational skills are necessary to effectively coordinate audit schedules, manage documentation, and prioritise tasks across the IT Department.
  • Time Management: Excellent time management skills are essential for managing multiple audit engagements, meeting deadlines, and ensuring the smooth progression of audit activities.
  • Communication Skills: Clear and concise communication skills are vital for effectively liaising with internal and external stakeholders, conveying audit-related information, and facilitating collaboration across the IT Department.
  • Analytical Skills: Basic analytical skills are beneficial for analysing audit data, identifying trends, and generating insights to support audit reporting and decision-making processes within the Technology domain.
  • Adaptability: Ability to adapt to changing priorities, audit requirements, and work effectively in a dynamic and fast-paced environment.
  • Confidentiality: Demonstrated ability to handle sensitive information with discretion and maintain confidentiality in accordance with organisational policies.
  • Proficiency in Office Software: Proficiency in Microsoft Office Suite (Word, Excel, PowerPoint, Outlook) and other relevant software applications for document management, data entry, and reporting.
  • Technology Knowledge: Work towards a detailed understanding of Technology and cyber risk frameworks (e.g. NIST / ISO27001 / COBIT / ITIL).

Due to high demand we are only able to respond to applications that meet the required criteria

Related

We use cookies to measure usage and analytics according to our privacy policy.