IT Risk & Control Testing Analyst

Posted 5 days 7 hours ago by Bupa

Permanent
Full Time
Other
London, United Kingdom
Job Description

Before submitting your application, you should read our privacy notice to understand how Bupa will use, store and share your information.

IT Risk & Control Testing Analyst

Location: Central London, Salford Quays, Staines

Time Type: Full time

Posted on: 2 Days Ago

Job Requisition ID: R

Job Description:

IT Risk & Control Testing Analyst

Flexible on Location: London - EC2R 7HJ, Staines - TW18 3DZ, Manchester - M50 3SP

Hybrid (3 to 4 days working from home)

Permanent

Salary: £39,500 - £49,500 plus fantastic benefits

Full time - 37.5 hrs

We make health happen

At Bupa, we're passionate about technology. You'll have the opportunity to work on innovative projects and make a real impact on the lives of colleagues, customers, patients, and residents.

The IT Risk and Controls Testing Analyst will be part of a team working under the guidance of the IT Risk and Control Assurance Manager with the primary purpose of testing the IT controls applied to business applications and the processes, services, and infrastructure that support them.

The Testing Analyst will cover all types of Information Technology (IT) and Information Security (IS) controls, testing the set of controls with a risk-based approach. This includes controls related to cyber security (modelled on the NIST, ISO, CIS-20 & CCM frameworks) as well as general IT controls aligned to the COBIT and ITIL frameworks.

You'll help us make health happen by:

  • Collaborating with a team of testing colleagues to perform risk-based control testing.
  • Executing control testing activities in line with guidance provided by the IT Risk and Control Assurance Managers and IT Risk and Control Testing Specialists.
  • Facilitating risk and control self-assessments.
  • Providing "audit quality" independent testing documentation of IT processes and controls.
  • Tracking the remediation of any defects identified by the RCSA process.
  • Supporting the IT Risk & Control Assurance Managers and IT Risk & Control Testing Specialists in ad hoc deep-dive reviews of IT processes and controls.
  • Documenting and reporting control deficiencies and capturing recommended improvements to process and control design and operation.
  • Conducting onsite or desk-based control assessments of third parties during the onboarding or tender process.
  • Building trusted relationships with IT Risk Process and IT Control owners.
  • Working with Process and Control owners to improve Processes and Controls.

Key Skills / Qualifications needed for this role:

  • Formal training and hands-on experience of designing, operating, or auditing IT Controls.
  • Experience of IT in a regulated financial services company would be useful but is not essential.
  • Experience in auditing cloud service and deployment models would be useful but not essential.
  • Demonstrable experience in Information Technology audits or IT Assurance (e.g. CISSP, CISM, CISA, CRISC, CCAK).
  • A sound understanding of British and International Security Standards (e.g. ISO/IEC 27001, ISO/IEC 27002, NIST, CIS-20, PCIDSS) and the UK regulatory environment (e.g. ICO, FCA, PRA, and CQC).
  • Strong interpersonal, communication, and influencing skills with the confidence and ability to operate effectively at all levels.
  • Professional experience in carrying out IT control reviews in a 1st, 2nd, or 3rd line of defence position.
  • Ability to work under pressure maintaining tight deadlines, high concentration levels, and keeping up with workflow requirements.

Benefits:

Our benefits are designed to make health happen for our people. We support flexible working and have a range of family-friendly benefits.

  • 25 days holiday, increasing through length of service, with option to buy or sell.
  • Bupa health insurance as a benefit in kind.
  • An enhanced pension plan and life insurance.
  • Annual performance-based bonus.
  • Onsite gyms or local discounts where no onsite gym available.
  • Various other benefits and online discounts.

Why Bupa?

We're a health insurer and provider. With no shareholders, our customers are our focus. Our people are all driven by the same purpose - helping people live longer, healthier, happier lives and making a better world.

As a Disability Confident employer, we offer a guaranteed interview for every disabled applicant who meets the minimum criteria for the job.

If you would like more information on the role or require an alternative format, please contact the Recruiter.