IT Risk Analyst - City of London

IT/Information/Cyber Security
Ref: 123 Date Posted: Friday 24 Jun 2022
LinkedIn ShareShare
Financial Services
City of London
Reports to:
IT Risk Manager
The Role
Day-to-day management of the IT Risk Management Framework and the IT Key Control Framework, including:
•             Maintaining the IT Risk Register and oversight of the risk profile for the IT function
•             Driving improvements to the IT risk management capability
•             Supporting stakeholders within the function to identify, assess, respond to, and report on IT risk
•             Creation of appropriate risk reporting, to facilitate risk and control discussion, and inform risk-based decision making
•             Delivering both light-touch and deep-dive IT risk assessments
•             Managing the IT Risk and Control Self-Assessment process
•             Continuous review and assessment of the impact of transformational change on the Technology control environment:
o             Perform technical IT Risk Assessments (Aligned with the ISF IRAM model) on services being introduced to the environment – Informing Non-Functional control requirements for new services
o             Perform light-touch and deep-dive Technology risk assessments specific to the delivery and integration of new services into the production environment – Informing the impact of change on technology controls
•             Completing periodic IT Risk Forecasting exercises to assess technology risk exposure associated with IT Assets and deficiencies in IT Controls
•             Fostering a risk aware culture within the IT function ensuring adequate training and risk expertise is provided across their operations
•             Maintaining the IT key control framework
•             Performing key control testing and assurance reviews
•             Supporting the function with the internal/external audit process, ensuring all audit issues are appropriate, assigned correctly and addressed in a timely manner
•             Supporting the achievement of external accreditation such as ISO27001
•             You agree to comply with any reasonable instructions or regulations issued by the Company from time to time including those set out in the terms of the dealing and other manuals, including staff handbooks and all other group policies
Person Specification
Must have technical / professional qualifications:
or equivalent is expected
Personal skills, experience and technical knowledge required for the role:
•             Highly organised
•             Excellent communications
•             Team worker
•             Influencing skills
•             Self-starter