Job Description
**IT Risk & Policy Analyst – Leatherhead (2-3 days per week) - £35,000 per annum base + benefits**
The IT Risk & Policy Analyst is responsible for managing IT risks, monitoring audit actions, maintaining IT policies and procedures, and supporting GDPR compliance. The role ensures effective governance and compliance across IT processes, providing a framework for the identification, mitigation, and management of risks.
This position bridges technical and governance aspects, ensuring alignment with company standards and regulatory requirements, while fostering collaboration across teams to embed robust IT practices:
* Ensuring that all IT risk and IT audit actions are highlighted, monitored, and escalated where appropriate.
* Maintaining the suite of IT policies and procedures.
* Providing support to the Privacy Team in ensuring GDPR compliance.
Main accountabilities:
* Assisting in managing IT Risk Register inputs and outcomes, liaising with IT SLT & Group Assurance and external auditors as appropriate.
* Liaising with other teams to ensure SLAs in scope are met.
* Identifying policy/procedure gaps and working with SMEs to create the material.
* Managing review process for existing IT policies and procedures, updating, or archiving as required
* Building strong relationships in IT & across the business to facilitate the adoption of agreed IT policies and procedures.
* Assisting with tracking the annual DR testing programme.
* Assisting the Privacy Team in ensuring DPIAs are completed where required.
Required skills and experience:
* Some experience of working in an IT function or in an audit/governance role
* Knowledge of IT risk management and IT governance, risk, and compliance (GRC) would be an advantage but not essential.
* Understanding of cybersecurity risks and controls would be an advantage but not essential.
* Understanding of GDPR requirements would be an advantage but not essential.
* Experienced Microsoft Office user (Word, Excel and PowerPoint)
Qualifications
* ITIL trained would be an advantage but not essential.
* IT risk management or cybersecurity certification would be an advantage, otherwise a desire to work towards achieving formal qualification.
Skills
* Excellent oral and written communication skills, with high attention to detail
* Ability to produce high quality, detailed outputs.
* Good analytical skills
* Highly organised and able to implement and manage robust governance processes.
* Strong relationship building and interpersonal skills across a wide range of stakeholders.