IT Risk & Controls Analyst, Associate
£50 – 60,000 + Excellent Benefits + Excellent Bonuses
City of London office, Hybrid working
The IT Risk & Controls Analyst (NIST, ISO27001, COBIT, ITIL) will play a key part in the Technology Risk Management function, supporting the Head of Technology Risk. The role holder will be a crucial component in establishing an enhanced risk management framework and, beyond that, will identify and assess potential risks across Technology while ensuring a comprehensive approach to risk mitigation.
Lead and conduct comprehensive IT risk assessments to identify potential threats and vulnerabilities within the organization's Technology infrastructure.
Develop, implement, and monitor effective controls to mitigate identified IT risks, ensuring alignment with industry best practices and regulatory requirements.
Collaborate with cross-functional teams to ensure Technology risk management practices are integrated into all business processes and projects.
Provide expert advice and assurance on IT controls to support compliance with internal policies and external regulations.
Prepare detailed reports and presentations on IT risk assessment findings and control effectiveness for senior management and stakeholders.
Identify the Technology risks faced by the organization that give rise to potential disruptions, failures, or adverse impacts on business processes arising from the use, adoption or reliance on technology including hardware, software, networks and information systems.
Provide support to both Operation Risk and the Business in identifying their key risks and assessment of the effectiveness of the key controls, enabling them to understand the risk in pursuing their strategic and business objectives and the overall risk profile.
Provide oversight and challenge to the business as part of their evaluation of the design and operation of their controls, to ensure they are functioning as intended to mitigate risks.
Work closely with TPRM to identify, monitor and report on the technology risk related aspects of Technology provided to the organization by third parties.
Provide input into the identification, development, testing and remedial actions of risk scenarios that could pose potential threats to the organization’s continuity.
Review and approve (or decline) exception requests submitted where there is anticipated non-compliance with a control, standard or policy.
Maintain and update a register of Technology-related risk events, incidents, audit findings, exceptions, etc. Work with responsible areas to assess these, develop action plans, identify owners and track through to completion.
Drive the implementation and embedding of ongoing (and where possible automated) assessment of control effectiveness by the business to provide real-time insights.
Work towards a detailed understanding of Technology and cyber risk frameworks (e.g. NIST / ISO27001 / COBIT / ITIL).