Divisional Risk and Control Analyst, AVP

Role Description

• Infrastructure Chief Operating Office (COO) is responsible for the effective operation of the infrastructure functions, driving operational efficiency whilst supporting the effective delivery of infrastructure services in line with business objectives and control requirements. It also includes oversight of Divisional Control Office (DCO) and Trade Settlement and Confirmations Operations (TSCO).
• Divisional Control Office (DCO) as part of Infrastructure COO, provides services to multiple functions in infrastructure. The DCO function is a dedicated risk, control, and regulatory oversight function, with prime responsibility for managing and proactively mitigating risk across the full breadth of the Technology and Infrastructure organization. Function also provides a consolidated view and central coordination of (non-financial) risks, as well as effective, efficient, and consistent standards and policies.
• (Technology Data & Innovation) TDI Control Testing & Assurance (CT&A) team part of COO identifies, tracks and reports control testing & assurance activities, conducts independent controls testing (design and operating effectiveness) on different risk types in line with the Control Testing Standards. The team also focuses on regulatory and risk-based assurance requirements. This role is within TDI CT&A team.

Your key responsibilities

• Perform Control Testing in line with Control Testing methodology/minimum standard
• Identify control deficiencies (findings), risks related to elements of controls, agree findings with stakeholders, escalate potential issues and exception items noted during the testing to senior management for discussion and further investigation, if deemed necessary
• Prepare Control Testing workpapers, reports for senior management detailing testing results, findings with highest quality
• Track Control Testing identified findings, perform required follow-up on open findings
• Participate (and prepare materials) in various Risk & Control governance forums
• Contribute to the development, collation and execution of the annual control assurance plan based on the results of the annual risk assessments, industry risk events etc. in consultation with the Head of Control Testing and other key stakeholders
• Consider regulatory and internal firm policy requirements as well as established best practices for control testing
• Support controls assurance activities
• Drive Annual Control Test Plan governance activities (Identify, discuss, and resolve any scoping conflicts between control testing teams)
• Monitor Control testing teams adherence to Control Testing methodology/minimum standards
• Contribute/drive continuous improvement i.e., minimum standard and tooling, automation
• Support, manage Control Testing vendor resources, where applicable
• Track testing related effort/budget Plan Vs. Actuals throughout the testing lifecycle
• Build and maintain solid working relationships with key stakeholders such as within the DCO, CSO, TSCO, GTI and other Testing Teams including Divisions/sub-divisions, 2 LoD and Group Audit (GA)

Your skills and experience

• University degree preferably in Computer Science, Mathematics, Engineering or a related subject or equivalent qualification in the areas of information security.
• Professional/industry recognized qualifications e.g., CISA, CISSP, CISM, CRISC are beneficial.
• Experience in Cloud Security audit/testing, GCP (Google Cloud Platforms) or Professional/industry recognized qualifications e.g., CCSP, CCSK
• Good knowledge of auditing IT application controls, e.g., from IT audits or IT risk management.
• Clear understanding of the relationship between IT risk and underlying business process risk.
• Knowledge of regulations governing financial institutions and of Compliance and AFC topics such as embargo controls or anti-money laundering is beneficial.
• Strong written and verbal communication skills and the ability to communicate effectively in conflict situations.
• Good drafting skills, including ability to record and describe complex issues clearly and succinctly, in a way that is easily understandable by any recipient of the relevant reports.
• Strong organizational, project management and leadership skills and attention to detail.
• Ability to work under pressure, multi-task and prioritize workload.
• Strong analytical, presentation skills and structured thought process with the ability to clearly articulate control deficiencies and related risk
• Flexible, proactive, and innovative mind set with strong organizational skills to take ownership and responsibility for agreed targets and to meet them within budget to enable a timely and efficient completion of projects.
• This is an IC (individual contributor) role, but Line management responsibilities may be required to be performed, where necessary.