Job Description
The IT Risk & Controls Analyst plays a key part in providing assurance and insight to the management of technology risks, controls and any related governance activities. The role collaborates closely with Engineering teams to ensure that all technology risks are managed effectively and in compliance with standards, providing 1st line risk management expertise.
The role also plays a key part in planning and facilitating annual audits (which have an impact on financial reporting), leading activities from a UK IT perspective and working with all parties providing strategic guidance, technical knowledge, quality control and quality assurance for all audit-related activities.
Duties/Responsibilities
* Lead the facilitation of annual audit activities impacting IT, collaborating with key stakeholders, 3rd parties and internal engineering teams to ensure smooth running of all audit activities and timely gathering of evidence
* Work together with Europe, Central Technology Services (CTS), Identity Access Management (IAM) team to assist in the improvement and operation of the joiners, movers, leavers (JML) process, ensuring it is followed appropriately within the company.
* Provide 1st line risk management knowledge, guidance and support to all IT teams, acting as an SME in that field, helping teams manage technology risk. Collecting and analysing data on control effectiveness and assess the impact on risk posture including:
* IT Risk Register
* Open actions resulting from audits
* Open security exceptions
* Risk and control effectiveness
* Act as a point of contact and SME to ensure the Risk Controls Framework is effectively rolled out across all teams, working and collaborating closely with the Engineering teams to develop and implement risk mitigation strategies and controls, and tracking any subsequent action plans
* Conduct risk analysis to identify potential, or emerging, technology risks and vulnerabilities, gathering and preparing information to the Risk Owner to assist with decision making
* Responsible for working with key business stakeholders annually to attest to the Information Security Operating Policy
* Work with European CSIO and Security function to ensure alignment between functions, to ensure policies are adhered to and reported consistently
Skills, Knowledge and Experience
* 1st Risk Management experience
* In depth knowledge of Risk Management frameworks and processes including information security and technology risk controls
* Excellent communication skills, demonstrating a clear and articulate standard of written and verbal communication in a complex environment, tailored for all levels of management
* Attention to detail
* Ability to prioritise own workload and act independently
* Good interpersonal/networking skills, with the ability to maintain a variety of relationships with multiple stakeholders.