Job Description As our Enterprise Technology Controls Senior Analyst you will sit within the Enterprise Technology Controls Team and its primary focus is to support the Enterprise Technology Controls Manager to maintain and enhance Informa’s IT controls to ensure they remain effective. You are required to have a good understanding of Informa as a business, and knowledge of the Shared Service Organisation Process Control environment would be advantageous to further understand the business risks that are presented, and how these are underpinned by the General IT Controls (GITCs). You will be responsible for the management of the Risk and Control Matrices and will operate within the 2nd Line of Defence to ensure that all IT related Group policies and procedures are adhered to for the applications within the remit of the Enterprise Technology Controls Team, and that controls are designed appropriately to reduce or fully mitigate any identified risks. The IT control’s function expanded, and the current Enterprise Technology Controls team was established in 2020 to provide Informa management with the continued assurance over the effectiveness of the company’s General IT Controls. The team originally only provided assurance over the 2 financial ERPs SAP, and Oracle, but since its creation it has continued to evolve and is now taking responsibility for other peripheral applications, along with coordinating the IT audit with our External Audit Partners. The team sits as part of the Technology Solutions and Services (TSS) Group under the Enterprise Technology team, reporting into the Chief Enterprise Technology Officer (CETO) but with dotted responsibilities to the Chief Information Security Officer (CISO) and the Chief Technology Operating Officer (CTOO). You will initially report to the Director of Enterprise Technology Controls and will work closely with our internal IT teams as well as our 3rd party support providers Mindtree and IBM; liaising frequently with Internal and External Audit, GBS and divisional control teams, and InfoSec with the aim of ensuring that enterprise applications maintain a controlled environment that does not encumber the efficiency of operational activity. Key Outputs and Outcomes Assist with the implementation of the Controls Management System (CMS) AuditBoard for new Risk and Control Matrix (RaCM) deployments, ensuring clear and consistent documentation standards and capturing accountabilities / responsibilities for each material control Lead implementations of the various IT Risk and Control Matrices (RaCM), ensuring that any control changes are documented, and that full training is provided to the control owners and performers Drive and monitor the remediation of gaps and control deficiencies, ensuring they are captured in line with the issue management processes and standards Maintain AuditBoard to ensure risks and controls are updated and there is ongoing compliance across the business with the requirements of the Controls Framework Drive the creation and maintenance of the controls documentation to ensure they remain current, for example to consider changes arising from technology and process changes Develop and document the testing procedure for each key control, as well as the wider population of non-key controls, assist with the execution of assurance and testing activities on an ongoing basis, liaising with the related testing resources (such as Control Owners and Performers) to refine the testing plan where appropriate, monitor testing outcomes, and resolve control issues Actively seek opportunities for control improvements such as the use of automation and new technologies that would benefit Informa. Assist with the preparation of adhoc reporting to key stakeholders (including Executive Committee, Audit & Risk Committee and Finance & IT Leadership Teams) Coach the Enterprise Technology Controls Analysts to support with the various RaCM implementations and maintenance Work with control owners to embed processes and procedures to implement and operationalise controls to ensure they are understood and are operating effectively. Liaise with External Audit partners to support with their review of the IT Controls as part of the Group PCAOB audit Seek opportunities for personal development to ensure that IT controls knowledge is continuously being enhanced and kept up to date. Measures of Success Successful and efficient management of Risk and Control Matrix implementations Reductions in the elapsed time taken to remediate controls deficiencies. Successful performance of controls testing and subsequent reporting. Continue to see positive results in the external audit, with a reduction in the recommendations being made.