IT Controls Specialist

Location London
Discipline: Audit, Risk & Compliance
Job type: Permanent
Contact email: alex@weareedenbrook.com
Job ref: J4021
Published: over 1 year ago
Based in the heart of London, you will be part of a team of six peers working under the guidance of a Head of Control Testing with the primary purpose of testing the IT controls that are applied to these business applications and to the processes, services and infrastructure that support them. The scope of this role covers all types of IT control, and on a quarterly rolling basis the work will cycle through the set of IT controls related to each of Governance, Security, Operations and Change. This includes controls related to cyber security (modelled on the NIST, ISO & CIS-20 frameworks) as well as general IT controls aligned to the COBIT and ITIL frameworks. Key Responsibilities and accountabilities: • Build a trusted relationship with IT Process and IT Control owners • Work with the Process and Control owners to improve Processes and Controls • Operate the existing Information Security RCSA • Develop 3 new RCSAs for IT Governance, IT Operations, IT Change • Run one IT RCSA each quarter (so that the 4 subsets cycle through annually) • In each RCSA provide guidance to the control owners on best practice • In each RCSA provide “audit quality” independent testing of IT processes and controls • Oversee the remediation of any defects identified by the RCSA process • Perform ad hoc deep-dive reviews of IT processes and controls • Perform quarterly risk and control self-assessments on IT Controls • Document control deficiencies and recommend improvements to process and control design and operation • Conduct onsite or desk-based risk assessments of third parties during the onboarding or tender process to identify risks and weaknesses in the supplier’s systems prior to commencing services with them Qualifications and Training: • Formal training and hands-on experience of designing, operating or auditing IT Controls. • Experience of IT in a regulated financial services company would be useful but is not essential • Demonstrable experience in Information Technology audits or IT Assurance (e.g. CISSP, CISM, CISA, CRISC) • A sound understanding of British and International Security Standards and the UK regulatory environment. • Professional experience in carrying out IT control reviews in a 1s, 2nd or 3rd line of defence position