Job Purpose:

The role is responsible for risk assuring IT controls following the OSB IT Risk assurance framework. This will be to ensure that risk mitigating controls continue to achieve the purpose they were initiated for and to alert the IT team to situations where these controls are either failing or not functioning correctly. The IT Risk assurance function follows a 3 line of defence model with assurance contributing to the 3rd layer.

- Manage the collation, analysis and reporting of completed assurance audit reviews, identifying key control weaknesses, failures, improvements, follow-up activity and remedial planning.

- Perform regular assurance reviews for IT departments to ensure compliance with the IT risk assurance policy and IT risk controls.

- Work with internal audit to develop a unified approach ensuring risk assurance reviews complement internal and external audits.

Occasional travel will be required to OSBs head office locations in the South East of England.

Core Responsibilities:

- Review the IT/ITSec Risk logs for mitigated risks that need assurance checks and develop a plan of assurance audits. Recheck mitigates using the assurance review date for that control.

- Review system alerts, system success/failure reports to ensure systems and controls are working correctly. Investigate anomalies and escalate to the correct IT teams.

- Work in conjunction with Operational Risk to ensure business to IT risks are adequately protected with the necessary assurance reviews.

- Book the necessary pre audit meetings with the internal IT risk assurance auditor and business stake holder for those systems.

- Maintain and update the IT Risk Assurance policy ensuring changes are recorded and version controlled.

- Record and monitor implementation of actions to resolve failed assurance reviews where the control has failed to be effective. Maintain a log of any such failures and ensure a suitable fix to the control is tracked and re-assured successfully.

- Delivering assurance for IT controls in projects where required.

- Building relationships and maintaining regular dialogue with key stakeholders across IT.

- Contribute to IT Risk meetings using Risk assurance MI to help guide the Risk team towards further improvements of controls.

- As nominated Risk Champion for your function, work alongside the Risk function in developing and maintaining a risk management agenda, acting both to ensure the necessary levels of transparency for potential risks and promoting a positive culture of awareness and accountability throughout your function

- Maintain the company's compliance standards and ensure timely completion of all mandatory on-line training modules and attestations

Experience Requirements:

- 5 years previous experience in IT Risk assurance is essential

- 5 years previous experience with IT Sec risk is desirable

- 3 years previous experience in a Financial Services IT department is desirable

- 3 years previous experience in carrying out IT audits around risk to systems is essential

- 2 years previous experience in IT Disaster recovery and Business continuity is essential

Knowledge Requirements:

- 5 years knowledge of IT infrastructure including network devices, servers and backup systems

- 2 years knowledge of IT Security systems

- 3 years IT risk management experience

Required Qualifications/Certifications:

- CRISC or CISA qualifications desirable

- ISO 27001 LA , ISO 9001 LA desirable

- Certification in PCI-DSS implementer desirable

This job opening was posted long time back. It may not be active. Nor was it removed by the recruiter. Please use your discretion.