IT Risk and Controls Lead

Role: IT Risk and Controls Lead

Location: East London (Fortnightly)

Salary: £55,000 - £60,000

Effective management of IT Risks, and their associated Controls, is a key aspect of the maturing IT organisation but something that can be hard to achieve when relying on collective responsibility.

This role will demonstrate clear ownership for IT Risk and Controls and deliver ongoing management of policies, procedures, risk reviews and a quarterly plan to address specific actions in this area. This is important to ensure consistency across all areas of IT and that controls remain active and up to date.

Ideal Candidate:

  • Build and maintain close working relationships with the Risk Assurance department to ensure policies and procedures are aligned to Enterprise-level policy and meet regulatory requirements.
  • Take operational ownership of the IT Risk Register, ensuring adherence to the agreed IT risk management framework. This should include working with each department to review IT risks to an agreed schedule, and escalating high-severity risks appropriately.
  • Work with the IT Services Manager and the Head of Change to manage risks identified through incident or change management processes, in line with the IT Risk Management Framework.
  • Work with Risk Owners to identify mitigating controls and maintain a controls register that is prioritised appropriately (Risk vs Control Coverage).
  • Maintain a central library of IT Policies and Processes, ensuring each one has a clear owner and a periodic review cycle.
  • Represent IT Risk within the Change Organisation to ensure that new risks introduced by new Projects, and any changes to existing risks or controls, are transitioned into the BAU risk process. In addition, ensure any programme risk, in terms of failure of an initiative or project, is captured as a Strategic risk or another appropriate risk category.
  • Manage a quarterly action plan, working across all IT departments, to:
      • Address control gaps, or improve existing provision, based on priority.
      • Conduct control audits, for example a System Access Review, to ensure ongoing compliance and adherence to policy.
      • Conduct periodic reviews of IT Policies and Procedures.
  • Own and run the Major Incident Reporting process to ensure that Major Incidents are correctly documented at an enterprise level. Capture any new or amended risks or controls that are required as a result of the incident.
  • Develop operational risk and control KPIs, and ensure regular reporting of those.
  • Assist in internal and external audit processes as required.

Required Skills & Experience

  • 5+ years' experience in a service-oriented IT role.
  • COBIT experience.
  • Demonstrable working knowledge of common IT processes and department functions.
  • Experience of Risk Management at either a Project, Programme or Department level.
  • Working knowledge of a recognised Risk Management Framework, such as NIST, or as part of a more general framework such as ITIL 4.
  • Process-driven mentality.
  • Good general communication skills, with an ability to author technical documents to a high standard.
  • Proven ability to work with others to plan activities and then drive them to completion within agreed timescales.

If this role sounds of interest, do not hesitate to submit your CV.

Company
Sanderson plc
Location
City of London, London
Employment Type
Permanent
Salary
£50,000 - £60,000