My client, a trading platform based in London, is looking for an IT Controls Testing Lead to join their growing team. For this role you will have to be in their offices 3 times per week.
Overview:
My client is a leading trading platform that is ambitiously expanding to the four corners of the globe. Their top-rated products have won prestigious industry awards for their cutting-edge technology and seamless client experience. They deliver only the best, so they are always in search of the best people to join their ever-growing talented team.
Responsibilities:
* Design and maintain a robust technology control testing framework aligned with risk management standards (e.g., NIST, ISO 27001, COBIT, ITIL).
* Develop and update testing methodologies, ensuring they address key risks related to IT infrastructure, cybersecurity, cloud services, and software development.
* Establish and maintain control testing policies and procedures that align with regulatory and internal governance requirements.
* Ensure the control testing framework integrates seamlessly with the broader Operational Risk Management Framework (ORMF).
* Maintain a comprehensive control library, mapping controls to risks and business objectives.
* Plan and execute detailed control testing activities across IT operations, systems, and processes, including:
  * Cybersecurity controls (e.g., firewalls, encryption, access management).
  * Cloud computing controls (e.g., AWS, Azure, Google Cloud).
  * Data protection controls (e.g., GDPR compliance, data backups).
  * Incident management processes and disaster recovery testing.
* Test both the design and operating effectiveness of IT controls.
* Prioritise control testing activities based on risk assessments, focusing on high-risk areas such as payment systems, customer data protection, and regulatory reporting.
* Document and communicate control deficiencies to relevant stakeholders.
* Work with technology teams to develop, track, and implement remediation plans to address identified control gaps.
* Perform follow-up testing to validate the resolution of issues and confirm effectiveness.
* Assess IT controls of third-party vendors and service providers, ensuring compliance with contractual and regulatory obligations.
* Support vendor risk management activities by evaluating third-party cybersecurity and IT governance controls.
* Document findings and control weaknesses, ensuring they are communicated clearly to relevant stakeholders.
* Work with control owners and process teams to develop and track remediation plans for identified deficiencies, ensuring timely resolution.
* Conduct follow-up testing to validate the implementation and effectiveness of corrective actions.
* Collaborate with risk teams to ensure control testing aligns with the organisation’s risk assessment and regulatory requirements.
* Present findings and recommendations to senior leadership, providing actionable insights to improve the control environment.
* Support regulatory audits and examinations by providing control testing documentation and responding to inquiries.
* Ensure the organisation is prepared for external reviews of its control environment.
Requirements:
* 5-7 years of experience in technology risk management, IT audit, or control testing within a regulated FinTech or financial services environment.
* Strong background in assessing IT and cybersecurity controls, including experience with cloud environments, DevSecOps practices, and digital payment platforms.
* Proven ability to perform tests of controls (design and operating effectiveness).
* Strong understanding of operational processes, risk frameworks, and regulatory requirements.
* Proficiency in using governance, risk, and compliance (GRC) tools and control testing platforms.
* Familiarity with IT control frameworks such as NIST Cybersecurity Framework, ISO 27001, and COBIT.
* Proficiency with GRC platforms and testing tools (e.g., RSA Archer, ServiceNow, or LogicGate).
* Advanced knowledge of data analysis tools (e.g., Excel, SQL) and reporting tools (e.g., Tableau, Power BI).
* Strong understanding of cloud security, data protection technologies, and cybersecurity protocols.
* Experience in managing regulatory audits.
* Ability to work collaboratively with regional and global partners in other functional units; ability to navigate a complex organisation; to influence and lead people across cultures at a senior level.
* Excellent problem-solving skills, inquisitive nature and comfort challenging current practices.
* Proven track record of taking ideas forward without supervision and challenging others, where appropriate.
* Adept at developing relationships with senior business executives, with a reputation for partnering across organisation lines to mitigate risks.
* Highly disciplined, able to work with limited supervision and make independent decisions.
* Strong organisational, project management, and multi-tasking skills with demonstrated ability to manage expectations and deliver results.
* High level of professionalism, self-motivation, and sense of urgency.
* Bachelor’s degree in Computer Science, Information Technology, Risk Management, or a related field.
* Advanced degree (e.g., MS in Cybersecurity, MBA) is a plus.
If the above is of interest, please apply to this role or call me on 0207 509 8040 to find out more.
About the job
Contract Type: Full-time
Specialism: Information Technology
Focus: Information Security
Workplace Type: Hybrid
Experience Level: Director
Location: London
Salary: £110,000 - £130,000 per annum
Job Reference: 1GW30T-C4818753
Date posted: 25 February 2025
Consultant: Darius Goodarzi