Technology Risk and Controls Analyst - Working with a dynamic financial organisation in the heart of the city, whilst not essential any previous Financial / Banking experience would be highly beneficial.
The Technology Department delivers differentiation, scalability and security for the business. Reporting to the COO, Technology provides digital tools, software services and infrastructure globally to all business groups. Software development and support teams work in agile 'streams' aligned to specific business areas. Our other teams work enterprise-wide to provide critical services including our global service desk, network and system infrastructure, IT operations, security, enterprise architecture and design.
Technology Governance is responsible for defining Technology-wide standards, controls and reporting to ensure the Technology business is operating effectively and meeting its financial, strategic, assurance and regulatory obligations. The area covers Technology Strategy & Planning, Risk and Controls, Business Resilience, IT Service Continuity and Enterprise Architecture.
Overall Responsibilities
- Facilitating and improving the Technology Risk Management process.
- Ensuring Technology controls are appropriate, facilitating reporting on Compliance to relevant internal stakeholders
- Facilitate and support Internal and External Audits, their execution and the tracking of reporting of remediating actions
- Supporting the development and embedding of underpinning process and procedure documentation, including assisting service/business/process owners with compliance to new policies and operationalising new working practices and procedures.
- Monitor and report on the performance of these processes across the organisation, recommending and implementing enhancements, and closing coverage gaps.
- Work with Operational Risk to manage and track key Technology Risks, provide support as part of Entity-wide risk reviews and control gaps.
- Facilitate the Technology Supplier Management process, ensuring that internal stakeholders are compliant with the framework and the status of 3rd parties is managed.
Skills and Experience
Essential
- Excellent verbal and written communication skills
- Understanding of SOX 404 IT General Controls
- Experience of working in a regulated environment and with stakeholders across Operational Risk, Audit and Compliance.
Desired
- Experience working in a regulated environment and knowledge of the risk and compliance requirements associated with this.
- Practical experience of working with Quality Management Systems, ideally with ISO27001 Foundation certification or above.
- Risk Management - experience of facilitating the management of risks, ideally with a formal accreditation (e.g. ISO31000 or Management of Risk).
- IT Service Management - understanding of the disciplines required to design, develop, transition and operate technology services, ideally with a formal ITIL v4 certification.
- Practical experience of managing small project deliveries and improvement roadmaps.
- Experience of authoring process and procedure documentation.