Job Description
Job Details:
- As an IT Risk and Resilience Analyst in the first line of defence, you will be key to the continuous development and enhancement of the risk and control environment across our client's Enterprise IT Services support teams. You will achieve this through sustainable control operation, documentation and reporting.
- The role will be responsible for assisting management with risk management activities across operational resilience, risk and control environment assessments, risk event analysis, business unit control testing, and tracking of issues and actions.
- You will report to the IT Risk and Resilience Manager within the Enterprise IT Services team. The team is a centralised first line of defence function proactively supporting, monitoring and enhancing the risk and control environment in operation. The team operates in a dynamic environment, and its members are supportive, energetic and committed to continuous improvement.
Responsibilities:
- Support in the proactive identification, measurement, monitoring, controlling and reporting of risks and issues
- Ensure risks and issues, controls, gaps and remediation plans are documented to a consistently high standard
- Work closely with the Operational Resilience Team to (1) map the assets and controls owned by the Enterprise IT Services team that underpin critical business services, (2) identify gaps and (3) input to remediation planning
- Play an active role in our client's Operational Resilience projects
- Work collaboratively with colleagues across the Enterprise IT Services team and the second line of defence to complete required risk management activities
- Contribute to reporting updates required for governance fora, e.g. Risk Committee, Resilience Committee, etc.
- Support post-incident reviews to determine lessons learned in terms of controls and environment
- Assist management in promoting and embedding a strong risk culture across the Enterprise IT Services team
- Establish yourself over time as a subject matter expert for IT Risk and Resilience
- Improve understanding and awareness of third-party risks, and support their identification, across the Enterprise IT Services team
- Monitor the implementation and operation of controls for all risks
- Effectively communicate complex information to colleagues across various levels and teams
- Be highly motivated, work to a high standard and demonstrate initiative in seeking opportunities for continued professional and personal development
Requirements:
- Experience in an IT Risk Management, Business Continuity Management or other risk role
- Demonstrable experience applying IT risk principles, tools and techniques
- Appreciation of the demands of documenting and operating a strong risk and control environment in an IT function, specifically in relation to third parties/outsourcers
- Familiarity with RCSAs, supporting frameworks, policies & tools
- Broad understanding of IT infrastructure, operations and services
- Experience working with technical and operational teams to proactively question BAU activities, and document relevant risks and required controls in a clear and concise manner
- Effective relationship management, communication and influencing skills, both written and verbal, at senior levels
- Strong analytical and problem-solving skills
- Practical, pragmatic approach with a solution focus and desire to provide great customer outcomes
- Exceptional attention to detail
- Self-starter with a track record of working on own initiative
- Proficient in the use of Excel, Word & PowerPoint
Desired:
- Knowledge of relevant regulatory bodies, regulations and guidelines impacting the Financial Services industry (e.g. EBA, CBI, etc.)
- Broad understanding of Third Party Risk Management, Operational Resilience and Digital Resilience regulations, and associated control frameworks
- CISA/CRISC/CISSP/CISM/CSX certifications
- Knowledge of risk-related frameworks and standards (e.g. COBIT, ITIL, NIST CSF, ISO27001, CSA CCM & CAIQ, SOC Standards [ISAE3402])
- Experience working in a fast-paced environment
- Experience of data analytics