Job Description
Technology Risk and Controls Manager – Edinburgh – up to £60K plus benefits (Hybrid working)
This is an exciting and challenging permanent role with a financial services organisation in the UK. The purpose of Technology Controls is to provide Controls and Risk Management leadership enabling colleagues to make the right decision. The team is transforming and maturing the Technology Risk and Control framework within the organisation.
You’ll provide oversight of the Technology Controls Library, supporting key stakeholders by providing expert guidance based on analytical outcomes and insight surrounding the operation of the control environment, ultimately supporting the evolution and maturity of the risk and control profile.
What you’ll be doing:
* Own, co-ordinate and operate a variety of control oversight activities including, the delivery of scheme attestations and annual control testing schedule.
* Research, transform and improve on existing practices.
* Coordinate and drive responses to attestation and Due Diligence requirements.
* Provide consultancy and expertise on Control Design and Operating practices.
* Inform and support key stakeholders to make risk-based decisions.
We need you to have :
* Communicates at an advanced level and can positively challenge and enable Key Stakeholders in discharging their accountabilities in relation to Risk Management.
* Works under own initiative to plan, organise, prioritise, and oversee activities to efficiently meet business objectives.
* Works under own initiative to monitor, interpret and understand policies and procedures, while making sure they match organisational strategies and objectives.
* Explore the depth and breadth of a problem, draw out the implications of not changing, and help clients self-discover and articulate the value of a solution. Seeks to understand the client's situation, explores client problems and solutions, and can design solutions for resolution.
* Identifies, assesses, prioritises, and manages risk.
* Works at an intermediate level to analyse potential solutions and create recommendations based on the expected benefits, costs, and overall value of the solution for key stakeholders. Typically works with guidance.
* Works at an advanced level to understand business context, needs, rules, and architecture, as well as organisational structure.
* Experience in assurance activity (including control testing) of key controls.
* Review, assessment, and remediation of access management related controls.
* Experience of cyber related risks and issues (leveraging NIST framework).
* Practiced in policy, standards and process reviews and adherence of first line of defence teams to these.
And if you have any of these, even better :
* Ideally (but not essential) you’ll hold a relevant or equivalent ISACA qualification (CISM, CRISC, CISA, CISSP) or be willing to work towards this.
This role is urgent in nature so please email your CV to -digital.co.uk or call 077 375 38 248 for more information.