Job Description
IT Risk Management Lead
This is a hybrid role and would require you onsite in Brentwood 2 days per week.
Role Purpose:
Our client is looking for an IT Risk Management Lead who will be responsible for monitoring IT risks and ensuring that all controls are functioning effectively and routinely.
You will also manage each risk event from identification to conclusion, identifying any weaknesses in the control environment and putting corrective actions in place.
Key Responsibilities and Accountabilities:
* Review and log all IT risks according to the ISO27001 framework, updating the Information Security Management System risk registers accordingly.
* Prepare a monthly report for the CIO highlighting a prioritised set of current risks.
* Develop and maintain a register of all IT controls to ensure that they are routinely tested and working effectively.
* Prepare monthly reporting for the CIO to evidence the control environment.
* Work with the second line Risk Function to ensure that they have the necessary reporting to assess the IT risk to the organisation. This includes but is not limited to maintaining the Risk and Self Certification Assessment regime.
* Integrate the detailed IT risk management framework with the Risk function’s risk appetite and other metrics.
* Define and agree IT risk metrics with the Risk function and regularly monitor the effectiveness of these metrics.
* Be responsible for the management of all risk events in accordance with the procedures from the Risk Function. This covers everything from initial logging and root cause analysis, through identifying actions to implement and/or enhance controls, to final reporting to the CIO on status.
* Review remediation plans following any risk events
* Provide assurance post remediation
* Review environmental/regulatory changes that may pose IT risks:
* For example, reviewing proposed changes to the Microsoft Office 365 environment, such as the deprecation of technologies and the associated timelines.
* Reviewing regulatory-driven changes and the impact these might pose. For instance, the regulator may insist upon the phasing out of certain old technologies.
* Work closely with the IT Infrastructure manager to provide cover in extended periods of absence/holidays.
* Influence design of IT change and solutions
* Provide oversight of the control environment of outsourced IT partners
* Assist in the development of BCP planning and the interpretation of test results
* Ad hoc duties as required.
Essential Skills and Knowledge:
Technical Skills
* Extensive experience working in IT infrastructure/management roles.
* Experience working in Financial Services/regulated environments
* Demonstrated experience in disaster recovery planning and business continuity
* Familiarity with regulatory compliance standards e.g. GDPR, ISO27001
* Proactive approach to identifying and addressing potential IT risks
* Relevant experience within an audit, and/or risk management role.
Soft Skills
* Excellent written and verbal communication skills with the ability to explain complex security issues to non-technical business stakeholders
* Ability to build relationships with internal and external stakeholders and business partners, working collaboratively
* Strong analytical and problem-solving skills
* Ability to work independently and within a team
* Attention to detail and ability to prioritise tasks
Benefits:
* Pension contribution 5% or more by employee, 10% employer
* 28 Days Annual Leave
* Death in Service 4 x Salary
* Sick Pay – 26 weeks full pay/26 weeks ½ pay (after 12 months’ service)
* PMI – BUPA (Taxable benefit) Single Cover – opt in/out