ACTIVITIES
CANDIDATES APPLYING MUST HAVE EXTENSIVE EXPERIENCE IN IT CONTROLS
Supporting the maintenance of a controls culture across the IT organisation, including continuous communication with controls operators and owners across the IT function
Engaging with control owners and operators in order to test Security and COBIT/ITIL internal controls and to improve the facilitation of testing
Reviewing, evaluating and documenting internal controls, including the adequacy of documentation and design effectiveness assessment through review of documents and meeting Control Owners
Providing stakeholders with IT Controls test results and resulting action plans
Undertaking discussions with key stakeholders on IT control testing outcomes and action plans, and ensuring risk remediation/control improvement objectives are addressed by the actions
Supporting the shaping, development, and continuous improvement of controls frameworks across the business’s core processes and systems
Performing the testing of Design, Implementation and Operational Effectiveness of Internal Controls, including those managed by third party suppliers
Supporting the preparation of (eg, draft input to) committee packs for review by the Head of IT Governance and participate in appropriate risk forums and committees Skills & Capabilities
A demonstrable track record of managing delivery in a relevant technology risk function, including knowledge of key control areas, such as: security, IT resilience, change management etc.
Knowledge of IT risk management is key, with an understanding of the wider environmental risks and threats being a huge plus
CISA qualification is an advantage
Determination of IR35 status has not yet been determined