This will be a senior role in a team responsible for all aspects of Risk Management and IT Controls, including risk assessments, planning, documentation, testing of IT Controls, and any follow-ups to ensure mitigation of any failures and weaknesses. The role will report to the Head of IT Governance and will support the continuous development of a new first line IT risk and internal control framework across the entire IT function.
Lead the shaping, development and continuous improvement of the controls and risk frameworks across the business's core processes and systems
Lead the regime for the testing of Design, Implementation and Operational Effectiveness of Internal Controls, including those managed by third party suppliers, and controls self-assessment
Lead discussions with key stakeholders on IT control testing outcomes and action plans, and ensure risk remediation/control improvement objectives are addressed by the actions
Support the business in maintaining a forward view of risk, performing risk identification activities, and ensuring appropriate controls are in place. Track significant risk management/mitigation initiatives/programmes and represent the team on relevant steering committees and working groups
Lead preparation for (e.g. draft input to) committee packs for review by the Head of IT Governance and participate in appropriate risk forums and committees
Act as a key advocate for a controls culture across IT, including leading the engagement with second line risk management, controls stakeholders across the business, and with internal and external auditors
Good practical experience of managing delivery in a relevant technology / technology risk function, including knowledge of key control areas such as security, IT resilience, change management, etc.
Experience of IT risk management and an understanding of the wider environmental risks and threats is a must.