Description
IT Risk Analyst, IT Risk, Technology Risk, CISA, CGEIT, CRISC, Risk Management, IT Key Control Framework
Harris Global are currently looking for an IT Risk Analyst to join our Financial Services client in their London office. The successful candidate will support the day-to-day management of the IT Risk Management and IT Key Control frameworks. Candidates must have prior experience working across technology risk.
Responsibilities will include:
- Maintaining the IT Risk Register and oversight of the risk profile for the IT function
- Driving improvements to the IT risk management capability
- Supporting stakeholders within the function to identify, assess, respond to, and report on IT risk
- Creation of appropriate risk reporting, to facilitate risk and control discussion, and inform risk-based decision making
- Delivering both light-touch and deep-dive IT risk assessments
- Managing the IT Risk and Control Self-Assessment process
- Continuous review and assessment of the impact of transformational change on the Technology control environment:
  - Perform technical IT Risk Assessments (aligned with the ISF IRAM model) on services being introduced to the environment, informing non-functional control requirements for new services
  - Perform light-touch and deep-dive Technology risk assessments specific to the delivery and integration of new services into the production environment, informing the impact of change on technology controls
- Completing periodic IT Risk Forecasting exercises to assess technology risk exposure associated with IT Assets and deficiencies in IT Controls
- Fostering a risk-aware culture within the IT function, ensuring adequate training and risk expertise is provided across their operations
- Maintaining the IT key control framework
- Performing key control testing and assurance reviews
- Supporting the function with the internal/external audit process, ensuring all audit issues are appropriate, assigned correctly and addressed in a timely manner
- Supporting the achievement of external accreditation such as ISO27001
Key skills:
- CISA, CGEIT, CRISC or equivalent is expected
- Technology Risk Management
- IT Control Frameworks (ISO27001, NIST, CIS, ISF)
- IT Auditing/Key Control Testing (TOD/TOE)
- Stakeholder Management
- Project Management
- Excellent communication skills