This role is responsible for facilitating the documentation of Group IT processes, risks and controls in line with the COBIT 5 methodology and the overall internal risk and control assessment process. The role also performs design adequacy and operating effectiveness testing of controls to determine residual risk.
Accountabilities for the role:
- Perform detailed control testing / assessments of the documented controls to test design adequacy and operational effectiveness.
- Create, own and maintain procedures, standards, templates and checklists which support the ongoing maintenance, testing and remediation of the documented risks and controls.
- Provide subject matter expertise relating to processes, risks and controls to all members of Group IT as required.
- Manage the engagement with Group IT management to update and maintain the existing suite of risk and control documentation.
- Gather attestations on a monthly basis from all Group IT Senior Managers to confirm operation of controls.
- Manage the performance of detailed control testing / assessments of the documented controls to test design adequacy and operational effectiveness.
- Ensure assignments are delivered in defined time scales.
- Collate and agree details of gaps identified and engage with management to agree actions to address the gaps identified.
- Create, maintain, manage and follow-up on all actions until completion.
- Deliver high quality written reports on Group IT risk management and control issues.
- Assist in the preparation of management information (MI) to give Group IT management an awareness of the status of their risk documents and the associated controls.
- Actively guide and contribute to Group IT's understanding of risks and controls and the associated testing standards and policies.
- Establish and maintain professional relationships with a wide range of stakeholders including the senior executives of Group IT.
- Maintain ongoing communications with relevant business areas to ensure effective support regarding their process, risk and control advice requirements.
- Assist in facilitating Group Risk’s reviews / assessments / tests of Group IT’s internal control framework.
- Manage a team of 1-2 business control unit analysts, with responsibility for quality assuring their work and providing performance feedback to them and to the Group IT Risk Manager where appropriate.
- Assist the Group IT Risk Manager in providing leadership to their assigned team.
- Allocate staff to assignments taking into consideration their particular skills, while at the same time being mindful to allocate them to an appropriate mix of assignments so they are continuously being developed and challenged.
- Coach and mentor team members.
Required knowledge and experience:
- Demonstrable knowledge and experience of process and controls testing in a regulatory environment (e.g. SOX, SSAE 16, PCI DSS) and/or experience of working in an IT audit environment.
- Demonstrable knowledge and experience of IT risk and control frameworks.
- Demonstrable knowledge and experience of risk analysis, preferably in an IT environment.
- Demonstrable knowledge and experience of industry-related risk and control frameworks and policies.
- Ability to communicate complex concepts clearly with stakeholders.
- Knowledge and experience of enterprise IT Services.
- Knowledge of COBIT 5 desirable.
2. Content/Technical Knowledge
- 5+ years' experience of IT process and risk analysis, IT control testing and related activities, preferably in a financial services IT environment.
- CISA, CRISC or an equivalent qualification is desirable.
3. Further Expected Knowledge and Skills
- Strong people engagement skills and ability to manage internal and external relationships.
- Good knowledge of trends and innovations that are occurring in IT control environments and associated testing requirements.
- Good written and verbal communication skills.
- A third-level qualification in an appropriate discipline is desirable but not essential.