Senior IT Risk and Controls Lead

Base salary 70,000 + Bonus + Benefits
09 May 2022
05 Jun 2022
Job Type
Technology Risk
Employer Sector
Financial Services
Contract Type
Full Time

The Audit and Risk Recruitment Company (ARRC), has been mandated by our client, a major UK based consumer credit business, in their search for an IT Risk and Controls Lead.

You will join a growing function which has been commended by the current CEO for the work that has already been accomplished.

Reporting into the Head of First Line Risk and Controls, you will carry out key controls testing and document associated results across Technology Functions, as directed by the Group First Line Control Function Methodology.

The role sits across 1st and 2nd line in terms of delivery but there is ample opportunity to move into other areas of the business and this will be actively encouraged by the leadership team.

The position is ideal for an IT governance professional looking to move into a first line risk and controls role.

Key Responsibilities

  • Determining and documenting the testing approach for Technology and Change key controls in line with methodology
  • Carrying out Technology and Change key control testing in line with testing approach
  • Documenting key control testing results and findings in line with the methodology
  • Managing the day-to-day interface with relevant Technology function contacts
  • Following up outstanding control implementation evidence where required
  • Evaluating whether key controls are designed and operating effectively
  • Discussing and agreeing findings with Group First Line Control management
  • Ensuring that key controls testing and documentation is performed to a good standard, in line with the methodology, and that conclusions and assessments are accurate and robust
  • Advising Technology and Change functions on requisite remediating actions and control improvements, based on control testing results, where required

Background Requirements

  • 4+ years' experience auditing/ testing IT and Change controls
  • Technology controls implementation and improvement experience
  • Knowledge of IT Risk methodologies
  • Excellent relationship management and influencing skills with the ability to balance assertiveness with need to build and maintain internal relationships
  • Strong communication skills, both verbal and written
  • Broad based Financial Services and banking experience
  • Resilient - able to manage disagreement and find ways to reach an agreed position
  • Self-starter with high degree of self sufficiency
  • Flexible and adaptable when plans change and when working with different stakeholders
  • Demonstrable understanding of the 3 lines of defense model


  • Exposure to large scale projects and business transformation initiatives
  • Experience auditing Cloud, Infrastructure and Security controls
  • Concentrates on what "good looks like" rather than "what might go wrong"
  • Embraces continuous learning and development
  • Commercially focused - good understanding of business performance dynamics

Desirable Qualifications

  • CISA, CISM or CISSP qualifications
  • Knowledge of COSO, 27001/27002 and 27018, SOC 1 and SOC 2 Type, SOX, etc

Apply for Senior IT Risk and Controls Lead

Already uploaded your CV? Sign in to apply instantly


Upload from your computer

Or import from cloud storage

Your CV must be a .doc, .pdf, .docx, .rtf, and no bigger than 1MB

Upload from your computer

Or import from cloud storage

Your Supporting Document (optional) must be a .doc, .pdf, .docx, .txt, .rtf, and no bigger than 1MB

4000 characters left

Marketing Communication

We'd love to send you information about jobs and service updates from and the Careers In Group by email.

We do not share your information with third parties for marketing purposes.
All emails will contain a link in the footer to enable you to unsubscribe at any time.

When you apply for a job we will send your application to the named recruiter, who may contact you. By applying for a job listed on you agree to our terms and conditions and privacy policy. You should never be required to provide bank account details. If you are, please email us.

Similar jobs

Similar jobs