Develop and implement risk identification strategies; this will involve working with multiple teams to design solutions, educate and support risk identification exercises;
Create and maintain a risk taxonomy and reference library to support technology risk identification and assessment, collaborating with various risk type stakeholders;
Understand the business criticality and dependencies of business and technology services, by working with various teams and supporting our Operational Resilience Manager to conduct business impact and vulnerability assessments.
Risk assessment and evaluation:
Coordinate periodic Risk Control Self-Assessment exercises, control testing and run thematic deep dives, working cross-function to create and maintain a transparent view of all technology risks;
Monitor and review internal and external technology issues and risk events, and create and maintain a knowledge base to support continuous organisational learning and improvements;
Support the Third Party Risk & Assurance Specialist with vendor risk assessments, controls assurance and compliance attestations for clients and other third parties.
Risk controls and management:
Develop and implement risk and control management strategies; this will involve working with multiple teams to design solutions, and to maintain and report on the residual risks within the technology and application estate and third-party supply chains;
Maintain and evolve the technology governance framework and controls reference library, by using industry standards and collaborating with other Technology Services teams as well as stakeholders including Information Security, Data Governance, Legal and Compliance, Procurement and Risk;
Manage and update the IT controls library, providing change management, version control, quality assurance monitoring and reporting, as well as coordinating multiple teams to create and improve controls and develop standard patterns.
Risk governance and compliance:
Ensure accurate record keeping of all governance decisions, and create and maintain procedures to oversee and track policy and strategy exceptions and risk acceptances;
Support any internal and external audits, certifications and the resolution of any audit findings.
Reporting & documentation:
Prepare and present regular reports on technology risk
Maintain accurate documentation for Technology Services Governance procedures, project updates and client interactions for audit readiness and knowledge transfer;
Research, experiment and develop new technology risk visualisations to enhance communication and quick understanding.
Skills and Experience:
Experience in cloud-based technology operations and administration (IaaS, PaaS and SaaS), ITSM or ITIL is essential, ideally in Azure or GCP
Understanding of various types of Enterprise IT environments including data architecture, corporate back-office applications and cyber security systems
Designed, deployed and operated IT controls and procedures
Created policies and standards to implement components of IT Governance, Risk and Compliance