This will be a key role in a team responsible for all aspects of Risk Management and IT Controls, including risk assessments, planning, documentation, testing of IT Controls, and any follow-ups to ensure mitigation of any failures and weaknesses. The role will be part of a risk and controls testing team, reporting to the Head of IT Governance and will support the continuous development of a new IT risk and internal control framework across the entire IT function.
Support the development and maintenance of a controls culture across IT, including continuous communication with controls operators and owners across the IT function
Engage with control owners and operators in order to test ISO27001 and COBIT internal controls and to improve the facilitation of testing and audits. Review, evaluate and document internal controls, including the adequacy of documentation and design effectiveness assessment through review of documents and meeting Control Owners
Undertake routine discussions with key stakeholders on IT control testing outcomes and action plans, and ensuring risk remediation/control improvement objectives are addressed by the actions
Support the shaping, development and continuous improvement of controls frameworks across the business's core processes and systems
Perform the testing of Design, Implementation and Operational Effectiveness of Internal Controls, including those managed by third party suppliers
Good practical experience of managing delivery in a relevant technology / technology risk function including knowledge of key control areas, such as security, IT resilience, change management etc.
Experience of IT risk management and an understanding of the wider environmental risks and threats