IT Control Tester / Risk Manager - IT Control Testing
Initial 6-month contract.
Open to remote contractors who are UK citizens, Ireland (Stamp 4 / citizen) or Europe citizens only.
This role will ensure provision of intelligent and insightful MI based on the results of IT control testing to drive the right conversations regarding how to manage the identified risks, balancing risk and operational efficiency to help promote growth and drive shareholder value.
Initially the role will be responsible for supporting design and implementation of the IT control testing operating model, underlying processes and procedures and design/development of the IT Control Framework. This will transition to completion of the more complex technical design adequacy and operating effectiveness control testing required within the European Technology IT control testing schedule and agreement of supporting remediation plans where gaps are identified. In addition, this role will have a particular focus on controls automation.
The role will involve significant senior relationship and stakeholder management across multiple lines of business.
Role Accountabilities
* Support development and implementation of the 1LOD IT control testing operating model, the underlying integrated IT control testing framework, methodologies, supporting procedures and governance, ensuring alignment with strategic goals.
* Support development and maintenance of the IT Control Framework.
* Provide thought leadership on control tooling and process efficacy, with a particular focus on opportunities for automation of IT controls.
* Design of test plans for newly defined IT controls.
* Provide support and guidance across European Technology in oversight and management of IT controls.
* Assess the design effectiveness, operational effectiveness and associated continuous monitoring plans of European Technology IT Controls.
* Work closely with key stakeholders (e.g. Control Owners, CCOs, etc.) to agree control testing outcomes and assist with establishing remediation plans.
* Identify solutions for a variety of complex and unique control issues, utilising complex judgement and sophisticated analytical thought.
* Provide expertise and guidance on control testing across European Technology and apply critical judgment and decision making in relation to the identification and publication of control testing findings through identifying the key risks and issues.
* Advise on the design of new IT controls in response to risks identified.
* Produce insights on testing outcomes, thematic findings and read-across opportunities.
* Build and maintain strong partnerships within European Technology.
* Influence senior stakeholders to embed risk management and controls into decision making. Build credible and powerful relationships with senior stakeholders, demonstrating robust judgement, insight and thought leadership.
* Raise the profile of Technology Risk across European Technology.
* Act as a role model and support the broader leadership activities of the OCIO Risk & Security team, developing the ‘brand’. Be a member of a highly engaged team recognised for its diligence, subject matter expertise and excellence in delivery.
Candidate Profile
Knowledge, Skills & Experience
* Ideally educated to degree level.
* A strong background with 5+ years’ experience in technology risk with supporting risk qualifications.
* Previous experience of designing IT controls and test plans.
* Advanced IT risk, controls, and Information Technology operations knowledge, as well as command of the NIST and COBIT control frameworks.
* Experience in identifying control gaps and communicating audit findings and control redesign recommendations.
* Skill in leveraging technology to improve the overall control environment will be highly desirable.
* Previous hands-on experience of design adequacy and operating effectiveness testing.
* An ability to shape IT control frameworks that fully support overall strategy.
* Strong stakeholder management skills with experience of raising awareness of issues to key stakeholders across IT.
* Excellent written and verbal communication skills.
* Strong organisational skills.
* Able to negotiate prioritisation and treatment of risk issues.
* Preferably possess IT compliance or security related certifications (CRISC, CGEIT, CISM or CISSP).