My client, a trading platform based in London, are looking for an IT Controls Testing Lead to join their growing team. For this role you will have to be in their offices 3 times per week.
Overview:
My client is a leading trading platform that is ambitiously expanding to the four corners of the globe. Their top-rated products have won prestigious industry awards for their cutting-edge technology and seamless client experience. They deliver only the best, so they are always in search of the best people to join their ever-growing talented team.
Responsibilities:
- Design and maintain a robust technology control testing framework aligned with risk management standards (e.g., NIST, ISO 27001, COBIT, ITIL).
- Develop and update testing methodologies, ensuring they address key risks related to IT infrastructure, cybersecurity, cloud services, and software development.
- Establish and maintain control testing policies and procedures that align with regulatory and internal governance requirements.
- Ensure the control testing framework integrates seamlessly with the broader Operational Risk Management Framework (ORMF).
- Maintain a comprehensive control library, mapping controls to risks and business objectives.
- Plan and execute detailed control testing activities across IT operations, systems, and processes, including:
  - Cybersecurity controls (e.g., firewalls, encryption, access management).
  - Cloud computing controls (e.g., AWS, Azure, Google Cloud).
  - Data protection controls (e.g., GDPR compliance, data backups).
  - Incident management processes and disaster recovery testing.
- Test both the design and operating effectiveness of IT controls.
- Prioritise control testing activities based on risk assessments, focusing on high-risk areas such as payment systems, customer data protection, and regulatory reporting.
- Document and communicate control deficiencies to relevant stakeholders.
- Work with technology teams to develop, track, and implement remediation plans to address identified control gaps.
- Perform follow-up testing to validate the resolution of issues and confirm effectiveness.
- Assess IT controls of third-party vendors and service providers, ensuring compliance with contractual and regulatory obligations.
- Support vendor risk management activities by evaluating third-party cybersecurity and IT governance controls.
- Document findings and control weaknesses, ensuring they are communicated clearly to relevant stakeholders.
- Work with control owners and process teams to develop and track remediation plans for identified deficiencies, ensuring timely resolution.
- Conduct follow-up testing to validate the implementation and effectiveness of corrective actions.
- Collaborate with risk teams to ensure control testing aligns with the organisation’s risk assessment and regulatory requirements.
- Present findings and recommendations to senior leadership, providing actionable insights to improve the control environment.
- Support regulatory audits and examinations by providing control testing documentation and responding to inquiries.
- Ensure the organisation is prepared for external reviews of its control environment.
Requirements:
- 5-7 years of experience in technology risk management, IT audit, or control testing within a regulated FinTech or financial services environment.
- Strong background in assessing IT and cybersecurity controls, including experience with cloud environments, DevSecOps practices, and digital payment platforms.
- Proven ability to perform tests of controls (design and operating effectiveness).
- Strong understanding of operational processes, risk frameworks, and regulatory requirements.
- Proficiency in using governance, risk, and compliance (GRC) tools and control testing platforms.
- Familiarity with IT control frameworks such as NIST Cybersecurity Framework, ISO 27001, and COBIT.
- Proficiency with GRC platforms and testing tools (e.g., RSA Archer, ServiceNow, or LogicGate).
- Advanced knowledge of data analysis tools (e.g., Excel, SQL) and reporting tools (e.g., Tableau, Power BI).
- Strong understanding of cloud security, data protection technologies, and cybersecurity protocols.
- Experience in managing regulatory audits.
- Ability to work collaboratively with regional and global partners in other functional units; ability to navigate a complex organisation; to influence and lead people across cultures at a senior level.
- Excellent problem-solving skills, inquisitive nature and comfort challenging current practices.
- Proven track record of taking ideas forward without supervision and challenging others, where appropriate.
- Adept at developing relationships with senior business executives with a reputation for partnering across organisation lines to mitigate risks.
- Highly disciplined, able to work with limited supervision and make independent decisions.
- Strong organisational, project management, and multi-tasking skills with demonstrated ability to manage expectations and deliver results.
- High level of professionalism, self-motivation, and sense of urgency.
- Bachelor’s degree in Computer Science, Information Technology, Risk Management, or a related field.
- Advanced degree (e.g., MS in Cybersecurity, MBA) is a plus.
If the above is of interest please apply to this role or call me on 0207 509 8040 to find out more.
About the job
Contract Type: FULL_TIME
Specialism: Information Technology
Focus: Information Security
Workplace Type: Hybrid
Experience Level: Director
Location: London
Salary: £110,000 - £130,000 per annum
Job Reference: 1GW30T-C4818753
Date posted: 25 February 2025
Consultant: Darius Goodarzi