Company: Financial Services
Location: City of London
Reports to: Head of IT
To support the Head of IT in maintaining and supporting all aspects relating to IT Governance, Risk, and Compliance.
To ensure that the appropriate IT Governance Framework is in place by working and supporting the respective areas within the IT department to ensure that they have the correct policies, procedures, reporting, and standards in place.
The IT GRC Analyst will be working closely with the IT Infrastructure, Development and Security teams to establish a common IT GRC framework.
Main Duties/Key Responsibilities
You will be responsible for assisting the IT department with supporting, developing, and implementing IT Governance, to include:
• Acting as primary contact in assisting with periodic reviews relating to IT performed by the audit, risk, and compliance team.
• Assessing and maintaining IT controls defined in Policies and Standards.
• Assessing and documenting IT risks.
• Raising exceptions and defining remediation plans with risk owners.
• Assisting in establishing an IT governance framework to encompass the technology across the Bank.
• Documenting processes for new systems/services.
• Establishing formal reporting (MI) of IT governance activities.
• Monitoring of day-to-day IT operational risks / policy exceptions within the IT Risk Register.
• Assisting the risk owner with assessing risks and documenting remediation plans.
• Establishing and developing the ongoing formal reporting of IT risk within the Bank.
• Analysing critical incidents and reporting them in the Operational Risk reporting system.
• Suggesting control improvements to increase maturity and the overall security posture.
• Coordinating IT control attestations within the IT department and with third party service providers.
• Degree level – Computer Science or equivalent
• 2-3+ years of Information Security Governance, Risk and Compliance or IT Audit experience.
• Experience of analysing and communicating IT-related incidents both internally and to 3rd parties.
Knowledge & skills
Required knowledge & skills:
• Knowledge of information security risk management frameworks.
• Exposure to and understanding of IT Infrastructure and Business Applications areas.
Beneficial knowledge & skills:
• Industry recognised technical certifications such as ITIL, CISSP or similar.
• Strong interpersonal and communication skills.
• Strong independent working attitude and able to problem solve within tight time constraints.
• Able to work to deadlines and manage workflow.
• Strong ability to multitask.
• Attention to detail.
• Willing to learn and be flexible on duties.