IT Risk Specialist

Your Role:
As an IT Risk Specialist, you will play a key role in supporting the delivery of an effective Operational & IT Risk function. Your role will involve providing technical expertise in delivering appropriate and meaningful challenge, guidance and support to various business areas to ensure that their technology risks are properly identified, assessed, controlled, monitored and reported upon in a consistent and timely manner.

Your Team:
You will work within the IT Risk team as a member of the Operational & IT Risk function. This function is a key component of the Second Line of Defence and is responsible for the ongoing assessment and monitoring of Operational and IT risks across the Bank.

Your Responsibilities:

  • Provide expertise in delivering appropriate and meaningful challenge, guidance and support to the business in managing their technology risks in accordance with the Bank’s Internal Control and Enterprise Risk Management Frameworks and related frameworks, policies and procedures.
  • Interact and engage with a variety of business areas in encouraging and collaborative ways to embed a strong culture that values risk and compliance management.
  • Assist in the preparation of high quality and high impact risk assessments, reports and Management Information (MI).
  • Support the business in the development of effective, efficient and sustainable control improvements.
  • Support the development, monitoring and reporting of a suite of technology risk metrics.
  • Build and maintain effective working relationships with the business. Engage, challenge and promote best in class risk management practices and standards.
  • Handle conflicting priorities effectively, working to ambitious timelines.
  • Support management in facilitating and delivering Technology Risk Awareness training, as required, throughout the Bank.
  • Work with and support other teams within the function to facilitate upskilling and rotation of duties.
  • Support the Line Manager as required, embracing a High Performance Culture and wider team development.
  • Keep up to date with threats affecting technology and the use of technology in financial services in particular.
  • Be highly motivated, work to a high standard and demonstrate initiative in seeking opportunities for continued professional and personal development.
  • Maintain qualifications through ‘Continuing Professional Development’ (CPD) training.



  • Professional approach and good understanding of governance, risk management and risk assessment and control practices within Financial Services and in a regulated environment, specifically regarding Technology Risk (e.g. information security, change management, service availability, operational resilience, and IT data integrity risks).
  • Good knowledge of technologies (applications, infrastructure etc.), associated risks and emerging best practices in Technology Risk management.
  • A relevant professional qualification (e.g. Certified Information Systems Auditor (CISA), Certified Internal Auditor (CIA), Certified Information System Security Manager (CISM), Certified in Risk and Information System Control (CRISC), Certified Information Systems Security Professional (CISSP) or related field).
  • Good problem solving and analytical skills together with the ability to document results to a high standard.
  • A high level of attention to detail.
  • Ability to organise and prioritise workloads appropriately and show determination and flexibility to deliver to challenging timelines.


  • Two to three years’ experience of operating in a similar or related role.
  • Strong communication (both written and verbal), relationship management and influencing skills, with an ability to handle difficult conversations.
  • Experience of data analytics, while not essential, would be advantageous.