Risk & Control Analyst

The ideal candidate will have a strong background in controls testing within financial services and excellent analytical and problem-solving skills.

Key responsibilities:

• Execute controls testing procedures in accordance with the established methodology and testing plans, ensuring the accuracy and completeness of testing activities.
• Document testing workpapers clearly and concisely, providing sufficient evidence to support findings and conclusions, including recommendations for remediation and management action.
• Identify and escalate potential control deficiencies and areas for improvement, providing supporting documentation and analysis.
• Analyse testing results, identify trends and patterns that may indicate control weaknesses or areas of heightened risk.
• Collaborate with various departments within GCIO for control walkthroughs, sampling, evidence collection etc
• Maintain up-to-date knowledge of industry standards and best practices related to controls testing.
• Support the creation of GCIO Controls Assurance management information (MI)
• Participate in audits and assessments, providing support and insights as needed.
• Actively participate in team meetings and discussions, contributing ideas and insights to enhance the effectiveness and efficiency of controls assurance activities.
• Support Controls Assurance Lead to continuously identify and implement improvements within the assurance framework.

Skills & Experience Required

• 5-8 years experience in Information Security controls testing.
• Strong understanding of Information Security, for example, data protection, vulnerability assessment, penetration testing, security events and monitoring, data loss prevention, endpoint detection and response, network security etc
• Knowledge of industry standards like NIST and ITIL
• Excellent analytical and problem-solving skills
• Knowledge of regulatory requirements and industry best practices related to controls assurance, relevant to GCIO risks - such as Information Technology (IT), Information Security (IS), and/ or Data Management
• Exceptional communication skills, both verbal and written, with the ability to influence and engage stakeholders at all levels.
• Experience operating in a regulated environment and managing stakeholders across the Three Lines of Defense.
• Strong organization skills and attention to detail.
• Familiarity with cyber security, resilience and related domains preferred.
• Prior experience with Service Now Integrated Risk Management (SNOW - IRM) preferred.

Qualifications

• bachelors degree in Information Technology (IT), Computer Science, or a related field;
• Relevant certification (eg, CISA, CISSP), ISO 27001 Lead Auditor preferred