IT Risk and Governance Analyst – London – 3 month contract
We are seeking an analytical mind, with an eye for detail, procedures and technical acumen, to help the business implement and run a new IT risk management framework. This is a multi-faceted role supporting both a Technology Transformation Programme as well as maintaining oversight over current operational technology and applications.
1. Risk identification
* Assist the implementation of risk identification control strategies; this will involve working with multiple teams to create learning material, templates and facilitate workshops;
* Support horizon scanning exercises across the business to identify new and emerging risks, which includes working with Legal and Compliance teams to monitor regulatory changes;
* Manage changes to a risk taxonomy and reference library to support technology risk identification and assessment.
2. Risk and event analysis
* Review, triage and analyse internal and external technology issues and risk events, and provide updates for a knowledge base to support continuous organisational learning and improvements;
* Assist change reviews, periodic Risk Control Self-Assessment exercises, control testing and thematic deep dives and analyse technology issues and risks;
* Support the Third Party Risk & Assurance Specialist with vendor risk assessments, controls assurance and compliance attestations for the clients and other third parties.
3. Risk controls and management
* Assist the development of the technology governance framework and controls reference library, and support the development and maintenance of policies, standards and procedures;
* Support the management of the IT controls library, reviewing change requests, version control, as well as providing regular analysis on technology control performance;
* Support the GRC platform and service provision, e.g. write and operate GRC runbooks, proactively engage feedback, conduct business analysis for change requests to improve GRC service design and operations.
4. Risk governance and compliance
* Run the service interface for the Technology Service Governance, including providing information and FAQs, managing demand and expectations, as well as capturing and analysing metrics on customer journeys and governance performance;
* Ensure accurate record keeping of all governance decisions, and operate procedures to track policy and strategy exceptions and risk acceptances;
* Support any internal and external audits, certifications and the resolution of any audit findings.
5. Reporting & documentation
* Prepare and present regular reports on technology risk and Technology Services Governance performance;
* Maintain accurate documentation for Technology Services Governance procedures, project updates and client interactions for audit readiness and knowledge transfer;
* Research, experiment and develop new technology risk visualisations to enhance communication and quick understanding.
6. Management & development
* Closely work with Technology Service teams to promote learning and understanding throughout the business, including the creation, contribution to and promotion of relevant awareness campaigns and compliance training;
* Proactively research state-of-the art technology and risk modelling to improve the technology services as well as enhancing your own knowledge;
* Support the learning and development of your fellow Technology Services Governance team managers and analysts.
Education, Qualifications, Knowledge, Skills and Experience:
* Experience in Enterprise technology services, support or administration including ITIL and asset management
* Understanding of various types of Enterprise IT environments, including cloud computing, cyber security systems and corporate applications
* Supported deployment and operation of IT controls and procedures
* Knowledge of IT Governance, Risk and Compliance frameworks, requirements and procedures
* Analysed data and created PowerBI, Tableau or equivalent reports for presentation to stakeholders
* Ability to code/script automation tasks with PowerAutomate/Python or similar