Description
Risk & Policy Analyst Profile Required - Glasgow
Job Description:
The Resources will be based in Glasgow, UK
Seniority level: Manager
The Role's responsibilities include:
- Lead a program of transformational change that will integrate the Technology risk assurance processes from 4 different acquisitions into Banks
- Understand, interpret current state across all acquisitions of Technology Risk assurance processes and architect an interim and target operating model.
- Perform in-depth analysis of controls landscape across all acquired companies
- Communicate important information and insights to business and IT stakeholders on both Bank and its acquired business equivalents.
- In-depth business analysis and mapping of controls, making recommendations to adapt existing business strategies
- Participation in Transformation Squads working within the AGILE framework.
- Working knowledge of key Technology concepts, eg, data classification, protection, policies, governance, privacy, security assessment tools
- Understanding of key concepts related to risk assessment and controls
- Engages in process-based thinking to effectively obtain, analyze and interpret information, identify root causes of problems, and draw the appropriate conclusions
- Working knowledge of technology applications and can identify and validate risk and controls
- Understanding of the relevant local technology risk regulations and the associated application to a financial services business
- Excellent written and verbal communication skills.
- Good organizational skills; a high degree of attention to detail and ability to manage multiple priorities
- Business/Product Knowledge: Familiarity and experience with electronic trading platforms is a strong plus, but is not required
Education, Background & Experience Required
Education: Bachelor's degree
- A minimum of 5 years of relevant risk experience from roles in any of the following:
- Audit (internal or external)
- Risk Officer/Information Security Officer
- Technology Risk Governance
- Risk Assessment (eg, RCSA)
- Control Testing (eg, SOX)
- Information Security/IT Security (eg, Entitlements Management, Segregation of Duties, Threat Management, Penetration Testing, Strategy)
- Regulatory (eg, working as a financial services regulator or having experience dealing with regulators)
- Technology/Information Security Policy/Procedures
- Process/Risk/Control Frameworks, eg, COBIT
- Certifications: Attainment of the following certifications is a strong plus, but not required
- Certified Information Systems Auditor (CISA)
- Certified in Governance for Enterprise IT (CGEIT)
- Certified Internal Auditor
- Certified Information Security Manager (CISM)
- Certified Information Systems Security Professional (CISSP)
- Certified in Risk and Information Systems Control (CRISC)
- ISO 27001 Auditor