IT Risk and Control Officer

Job Description

Role & responsibilities Strategic Planning Create forward looking view of what the strategy should be with regard to Risk & Control in AM IT Relationship management Build and maintain relationships within WPB Cyber, CCO tech, ITSO, AM CITRO, Risk and Control Organization, ITID and 2nd line risk Knowledge Drive culture change around Risk & Control Consult on technology projects, providing support during IT audits Share best practice with the WPB Risk and Control Organization Provide guidance and help to IT delivery teams regarding security solutions to enable faster delivery of IT Systems Collaborating with IT development teams and other teams working closely in a DevOps and agile development processes Support the Safe and Secure development framework ensuring developers are coding in-line with security standards, practices and industry best-practice Stakeholder Management/Governance Partner with the AM business and Risk Functions to promote and provide support to relevant policies, standards and governance within AM IT Provide regional stakeholder updates with respect to global IT Control uplift programs Support IT engagement with internal / external / client audit and Regulatory Exams, including oversight of field work, collation of artefacts and partnership with CCO tech to remediate issues Attend relevant governance forums and where applicable provide appropriate MI Prepare the RCMM deck Communicate residual risk through reporting, business governance processes and forums Preferred candidate profile Partner and contribute to the risk & control agenda for AM IT Delivery of risk & control projects and programmes for AM IT Assist service owners in responding appropriately and effectively to firm-wide risk, cyber, internal, and external audits Contribute in evidence collection in delivery of external audits Partner with service owners, AM CITRO and 2nd line risk to identify and assess controls, determine mitigating actions and remediation activities, and understand the overall risk profile Advocate and support initiatives to improve accuracy across all Enterprise Golden Source data repositories Provide technical knowledge to support secure development of applications and remediation programs Provide visibility of status of action plans and external/internal audit issues Coordinate response to ICMP testing Support in mitigation of Risk Issue and Action Plan. Challenge where appropriate, decisions made on control implementation Review allocation of issues to AM IT and agree categorization of high/medium/low with audit and CCO tech Approve the raising and closure of regional IT issues, action plans, but look to automate process Fulfil DBIRO responsibilities for AM IT Advocate security policies and standards to wider IT team Support new IT projects with initial risk assessment, providing consultancy and guidance on controls and policies. Support where necessary key WPB security uplift initiatives Contribute to review of security standards and procedures Providing support for automated application security tooling working with Cybersecurity as necessary Interpret and advise on the results from security testing to both technical and non-technical audiences