Senior IT Risk and Controls Lead

The Audit and Risk Recruitment Company (ARRC), has been mandated by our client, a major UK based consumer credit business, in their search for an IT Risk and Controls Lead.

You will join a growing function which has been commended by the current CEO for the work that has already been accomplished.

Reporting into the Head of First Line Risk and Controls, you will carry out key controls testing and document associated results across Technology Functions, as directed by the Group First Line Control Function Methodology.

The role sits across 1st and 2nd line in terms of delivery but there is ample opportunity to move into other areas of the business and this will be actively encouraged by the leadership team.

The position is ideal for an IT governance professional looking to move into a first line risk and controls role.

Key Responsibilities

• Determining and documenting the testing approach for Technology and Change key controls in line with methodology
• Carrying out Technology and Change key control testing in line with testing approach
• Documenting key control testing results and findings in line with the methodology
• Managing the day-to-day interface with relevant Technology function contacts
• Following up outstanding control implementation evidence where required
• Evaluating whether key controls are designed and operating effectively
• Discussing and agreeing findings with Group First Line Control management
• Ensuring that key controls testing and documentation is performed to a good standard, in line with the methodology, and that conclusions and assessments are accurate and robust
• Advising Technology and Change functions on requisite remediating actions and control improvements, based on control testing results, where required

Background Requirements

• 4+ years' experience auditing/ testing IT and Change controls
• Technology controls implementation and improvement experience
• Knowledge of IT Risk methodologies
• Excellent relationship management and influencing skills with the ability to balance assertiveness with need to build and maintain internal relationships
• Strong communication skills, both verbal and written
• Broad based Financial Services and banking experience
• Resilient - able to manage disagreement and find ways to reach an agreed position
• Self-starter with high degree of self sufficiency
• Flexible and adaptable when plans change and when working with different stakeholders
• Demonstrable understanding of the 3 lines of defense model

Desirable

• Exposure to large scale projects and business transformation initiatives
• Experience auditing Cloud, Infrastructure and Security controls
• Concentrates on what "good looks like" rather than "what might go wrong"
• Embraces continuous learning and development
• Commercially focused - good understanding of business performance dynamics

Desirable Qualifications

• CISA, CISM or CISSP qualifications
• Knowledge of COSO, 27001/27002 and 27018, SOC 1 and SOC 2 Type, SOX, etc