Location: London or Potters Bar (hybrid working options available)

The IT Risk & Controls Analyst plays a key part in providing assurance and insight to the management of technology risks, controls and any related governance activities. The role collaborates closely with Engineering teams to ensure that all technology risks are managed effectively and in compliance with standards, providing 1st line risk management expertise. The role also plays a key part in planning and facilitating annual audits, leading activities from a UK IT perspective and working with all parties providing strategic guidance, technical knowledge, quality control and quality assurance for all audit-related activities.

Duties/Responsibilities

• Provide 1st line risk management knowledge, guidance and support to all IT teams, acting as an SME in that field, helping teams manage technology risk. Collecting and analysing data on control effectiveness and assess the impact on risk posture including:

1. IT Risk Register
2. Open actions resulting from audits
3. Open security exceptions
4. Control effectiveness

• Lead the facilitation of annual audit activities impacting IT, collaborating with key stakeholders, 3rd parties and internal engineering teams to ensure smooth running of all audit activities and timely gathering of evidence
• Act as a point of contact and SME to ensure the Risk Controls Framework is effectively rolled out across all teams, working and collaborating closely with the Engineering teams to develop and implement risk mitigation strategies and controls, and tracking any subsequent action plans
• Work together with the GWLE IAM Team and Security Coordinators to assist in the improvement and operation of the SLAM and SAR processes, ensuring it is followed appropriately within the company.
• Conduct risk analysis to identify potential, or emerging, technology risks and vulnerabilities, gathering and preparing information to the Risk Owner to assist with decision making
• Responsible for working with key business stakeholders annually to attest to the IT Security Policy
• Work with European CSIO and Security function to ensure alignment between functions, to ensure policies are adhered to and reported consistently

Skills, knowledge and Experience

• 1st Risk Management experience
• In depth knowledge of Risk Management frameworks and processes
• Excellent communication skills, demonstrating a clear and articulate standard of written and verbal communication in a complex environment, tailored for all levels of management
• Attention to detail
• Ability to prioritise own workload and act independently
• Good interpersonal/networking skills, with the ability to maintain a variety of relationships with multiple stakeholders.