Role Profile
Senior Compliance Analyst
Division/Dept.
Data Governance and Information Security (DGIS)
Location
Hybrid working with base location of Coventry or London
Reporting to
Compliance Manager
In a nutshell
As a Senior Compliance Analyst, you’ll play a key role in driving the compliance assurance programme and will be responsible for delivering, monitoring and reporting on the annual testing programme on IT controls and Information Security (IS) control requirements. You’ll be responsible for driving continuous maturity and improvement; and you'll support the delivery of operational effectiveness testing controls.
You’ll be responsible for defining the controls testing roadmap, and communicate this with key stakeholders and senior management, as well as driving and reporting on key outputs and remediation activities. Additionally, you’ll recommend and drive process enhancements across key control areas, whilst seeking out opportunities to drive compliance activities that support the broader compliance strategy.
What you need to do
* Responsible for delivering the annual assurance programme such as across IS and IT controls, including developing testing scenarios to support design and operating effectiveness testing
* Own and manage the assurance testing roadmap and schedule, and provide key support to the overall Compliance strategy
* Responsible for analysing the adoption of processes, documentation and controls
* Contribute and deliver key reporting for the Audit Committee and Data Governance Committee
* Drive and own the continuous assessment of IS and IT control effectiveness across the business, raising appropriate risks or defining remediation requirements
* Responsible for driving remediation plans across the business to improve maturity, mitigations and reduce risk
* Own and drive improvements to process and documentation, to support control testing and implementation of policy requirements
* Responsible for ensuring the integrity and efficiency of audit records and compliance activity
* Support with internal Data Governance and Information Security projects where necessary
* Be the liaison and maintain a good relationship with stakeholders to drive resolutions to any issues
What you need to know and show
Essential Criteria
* Demonstrable experience of delivering an assurance testing programme across industry frameworks and regulations, such as but not limited to NIST-CSF, Cyber Essentials, ITGC and ITACs, FRC/Corporate Governance Code, and other relevant frameworks and regulations for example COBIT2019 or COSO
* Ability to collaborate effectively with a range of business stakeholders, and support the wider agenda
* Pro‑active in tracking upcoming industry changes, interpreting how may these impact the business and have the ability to implement where necessary
Additional Criteria
* Demonstrate ability to learn and understand business processes particularly those covering Finance, Technology and Information Security.
* Previous experience of IT audit either within an external audit or an internal audit role would be desirable
* Experience of working with internal/ external auditors and ability to manage appropriate timelines, resolve findings and contribute to continuous improvement initiatives from audit outcomes
* Ability to think methodically and logically; and communicate using spoken and written word
* Familiar with standard IT and IS processes and controls such as identity and access, change management, third‑party management.
* Be able to proactively identify and own any issues and follows through to resolve them
* Ability to prioritise own workload and deliver quality results on time, and to budget
* Certifications such as CISA and ISO 27001 Lead Auditor are desirable but not essential
Support we will provide
* Your line manager will provide support and guidance
* Access to the Compliance, ITGC, GRC, Finance, Data Governance and Infosec teams who have a wide array of skills and knowledge
* Extensive support and training materials available relating to NIST, IT General Controls, PCI‑DSS and GDPR
* Other resources as required
Date of last job evaluation
28/11/2024
Hay rating
C5
Please note:
This role profile is aimed at describing the core output that should be achieved in this role. It is not intended to include specific tasks, temporary activities, or projects to recognise flexibility in a changing context.
#J-18808-Ljbffr