IT Controls Analyst, Risk

IT Controls Analyst - This new role forms a key part of the Technology Risk Management function, supporting the Head of Technology Risk. The role holder will form a crucial component in the establishment of an enhanced risk management framework and beyond that identify and assess potential risks across Technology, as well as ensuring a comprehensive approach to risk mitigation.

Conduct comprehensive IT risk assessments to identify potential threats and vulnerabilities within the organization's Technology infrastructure.
Develop, implement, and monitor effective controls to mitigate identified IT risks, ensuring alignment with industry best practices and regulatory requirements.
Collaborate with cross-functional teams to ensure Technology risk management practices are integrated into all business processes and projects.
Provide expert advice and assurance on IT controls to support compliance with internal policies and external regulations.
Prepare detailed reports and presentations on IT risk assessment findings and control effectiveness for senior management and stakeholders.

£45 - 60,000 + Excellent Financial Benefits + Excellent Bonus potentialHybrid working

Among other responsibilities - you will:Identify the Technology risks faced by the organization that give rise to potential disruptions, failures, or adverse impacts on business processes arising from the use, adoption or reliance on technology including hardware, software, networks and information systems.
Provide oversight and challenge to the business as part of their evaluation of ng the design and operation of their controls to ensure they are functioning as intended to mitigate risks.
Work closely with TPRM to identify, monitor and report on the technology risk related aspects of Technology provided to the organization by third parties.
Review and approve (or decline) exception requests submitted where there is anticipated non-compliance with a control, standard or policy.
Maintain and update a register of Technology-related risk events, incidents, audit findings, exceptions, etc. Work with responsible areas to assess these, develop action plans, identify owners and track through to completion.
Review the outputs of the Third-Party Risk Management (TPRM) process to understand the due diligence results of critical 3rd party vendors and what risks they may pose to the organization.
Produce a suite of metrics for inclusion in the various Technology meetings/forums/reports as required.
Develop specific metrics relating to the risk exposure of 3rd party technology providers in its suite of metrics to ensure the risk position is understood.

Attributes:
Attention to Detail
Organisational Skills
Communication Skills
Proficiency in Office Software
Technology Knowledge: Work towards a detailed understanding of Technology and cyber risk frameworks (eg NIST/ISO27001/COBIT/ITIL).