Description:
Reporting to the CIO, as IT Risk & Control Manager you will work to embed first-line risk and control responsibilities and accountability across IT, ensuring adherence to all risk and control frameworks and policies. This includes Business Continuity Management, Risk Incident Management, Breach Management and the Risk Assessment process.
The role also executes various control activities in a timely manner and in line with agreed schedules.
Reporting is a key aspect of the role, so attention to detail and presentation skills are essential. You will work closely with, and liaise with, Cyber Security to ensure that overall risk and controls are managed.
Key Responsibilities:
- Support the IT teams to ensure risks and controls are recorded and managed appropriately.
- Chair the Change Approval Board.
- Assist with the design and maintenance of the company's operational resilience framework, with a focus on IT components.
- Monitor and report on IT risk appetite statements and tolerances for the CIO to report to Exco and the Board.
- Work with potential, new and existing clients on IT, Cyber and Data due diligence assessments and annual reviews.
- Track and progress all IT risk-related actions, including Risk Assessment, Internal Audit, External Audit and Business Continuity actions. Work with action owners across IT to ensure agreed targets are met and the Risk Management system is maintained.
- Develop and deliver effective risk reporting and management information, including updating and maintaining the IT Risk Matrix.
- Implement an IT Controls Matrix across IT.
- Update and maintain IT Standard Operating Procedures.
- Complete IT risk assessments and present findings to the senior executive team.
- Provide subject matter expertise on IT risk and control frameworks, acting as the first point of contact for all risk and control queries.
- Coordinate the Risk Assessment process, providing support for the delivery of treatment plans.
- Facilitate and lead meetings with the CIO and senior IT managers to carry out risk assessments.
- Support the CIO in preparing and delivering communication to the Executive Risk Committee.
- Identify training requirements across the wider IT community and deliver risk training.
- Oversee IT Risk Incidents, ensuring that first-line responsibilities are met and collating the information required for reporting.
- Facilitate the Policy Attestation process.
- Maintain a view of key dates for risk reporting and make key stakeholders aware of them so that deadlines are met.
- Complete control testing activities to ensure active controls remain appropriate and robust.
- Execute controls in line with agreed schedules.
Skills & Experience:
- Prior experience in risk identification
- Prior experience of establishing and embedding robust and effective controls
- Experience of risk management and monitoring in an IT production or development environment (ideally financial services)
- Previous experience of controls testing
- Previous experience in developing good working relationships with stakeholders of various levels
- Experience in the production and presentation of management information
- Knowledge, experience or certification in industry standards such as ITIL, NIST and ISO 22301 (Business Continuity Management) is desirable.