Controls Assurance Manager

Note : we need control testing candidates with Business process Audit

The First Line Governance Risk and Compliance (GRC) function provides oversight of policy, standards, risks and controls across different areas. The function drives a better understanding of first line risks and will support, advise and facilitate the leadership team in actively managing risk by making decisions regarding the need for remedial actions and/or risk acceptances taking into account:

- The current First Line GRC risk profile and control environment;

- The relative scale of exposure and their likelihood; and

- The cost and effort of remediating those exposures.

The policies and control frameworks managed by the team include Information Technology, Operational Resilience, Third Party Risk Management, Data and Privacy.

The primary role of the Controls Assurance Manager is to perform control testing across Third Party Risk Management, Operational Resilience, Data & Privacy areas and support the development and improvements of the control framework across all areas managed by First Line GRC to ensure that it remains aligned to the company risk appetite.

Knowledge:

- Strong knowledge and understanding of the business, their processes and ambition are essential.

- Detailed knowledge and practical experience with risk management practices and frameworks.

- Working knowledge of collaboration tools and new technologies with the ability to champion team learning and coach business colleagues when required.

- Essential knowledge of three lines of defence practice.

- Working knowledge of Financial Services, Technology industries and regulatory requirements in relation to IT risk, outsourcing and operational resilience.

- Experience of third party relationships and the Information Technology and security risks created.

- Certifications like CGEIT/CRISC would be advantageous.

Skills:

- Ability to translate technical and risk requirements and specifications into easily understood business concepts and vice versa.

- Able to determine risk profiles and to be accountable for these judgements and for the business activities undertaken to address them.

- Ability to build relationships at all levels in the business.

- Good organisational and system automation skills.

- Ability to drive activities in collaboration with colleagues in other areas.

- Excellent communication, verbal and written, and stakeholder management skills.

- Remain effective in situations when responsibilities, tasks, priorities and / or work environment change significantly.

- Commercial awareness across IT marketplace including offshore marketplace and supplier knowledge.

Experience:

- 8yrs+ experience in Technology and/or security risk management.

- Proven experience of creating simple but concise and impactful updates/visual presentation from complex data to key stakeholders during times of increased pressure.

- Demonstrable experience at working within three line of defence model and with senior business and IT stakeholders (e.g. managing directors, directors, Chief information officer, Chief information security officer, Chief operating officer).

Educational Qualification:

- Graduate in any discipline