IT Audit and Risk Lead

Posted 2 days 1 hour ago by finova

Permanent
Not Specified
Other
London, United Kingdom
Job Description

Audit & Risk Lead - London

About finova

finova is the UK's largest cloud-based mortgages and savings software provider, supporting over 60 leading lenders, 3000 mortgage brokers and 200 financial institutions. Our suite of award-winning software includes a Core Banking Platform, Broker Platform and finova Connect, a range of solutions that connect lenders, intermediaries and consumers. We specialise in offering cutting-edge fintech software to empower our clients with advanced tools and capabilities to stay competitive. As we expand our offerings and client base, we seek a highly skilled and experienced Managed Service, Security & Compliance Director to join our team.

Role Overview:

This role is accountable to the Head of Risk & Compliance, and ultimately the COO.

As the Audit & Risk Lead within the R&C function, you will play a crucial role in ensuring the delivery of compliance, security, and governance within our solutions offered to clients in Azure & AWS cloud-hosted estates.

Your responsibilities will revolve mainly around assessing and implementing compliance measures in line with the R&C control framework. You will audit and review the product's control sets internally in line with our control framework and ISO certification, and manage client audits on the products as part of the wider Client Governance Schedule.

This role will be both internal and client-facing.

About you:

• Extensive recent experience in auditing is essential, as well as in managing compliance and governance (preferably for fintech software companies in the financial services sector)

• Bachelor's degree in Computer Science, Information Security, Business Management, or a related field

• Knowledge of DevOps development cycles and secure development is an advantage

• In-depth knowledge of SS2/21 material outsourcing, FCA & PRA regulations, NIST, and ISO, with a proven track record of implementing and maintaining compliance & control frameworks, and the ability to stay abreast of incoming regulations

• Experience with Azure/AWS cloud services and Azure DevOps Boards and security practices related to cloud-hosted estates is greatly desired

• The ability to work with multiple different L1 departments both in software development and servicing, and partnering with the wider risk team is essential

What will you be doing?

Auditing:

• Pre-audit ISO27001 control cycle before the certification

• Plan and perform internal auditing on products and key risk areas

• Manage the Client Audit Schedule, planned annually in advance, in partnership with the account managers

• Link any audit findings into the wider Risk management framework and remediation schedule, as well as updates to the Due diligence framework in Risk Ledger

Risk Framework:

• Along with the R&C function, work to embed risk and compliance frameworks within product servicing to ensure regulatory and contractual compliance

• Lead efforts to implement control remediations, policies, and procedures within product servicing, aligned with our framework, using the Risk register and risk events

Client engagement:

• Work with the Senior Risk Analyst on the overall Client Governance schedule over finova as a material supplier, covering annual due diligences and audits as well as reporting agreed remediation.

Governance, Reporting & Collaboration:

• Support monthly & quarterly reporting on risk and implementation plans relating to risk management as part of the R&C function.

• Collaborate with other senior leaders within finova to integrate compliance and security measures into product development and service delivery.

What will you get from joining the finova family?

Flexible Working:

• 25 days holiday in each calendar year plus bank holidays

• Bank Holiday trading: flexibility to work bank holidays and take another day off that fits your values, beliefs or celebration calendar better

• Work from anywhere in the world for up to 4 weeks a year

Looking After You:

• Life Assurance, Group Income Protection and Private Medical Insurance

• Pension scheme via Salary Exchange

Equal Opportunity Statement:

Diverse teams really are the best teams; we promote a working environment in which diversity is recognised, valued and encouraged.