IT Risk, Governance & Assurance Manager


Premium Job From Experis IT

Recruiter: Experis IT

Listed on: 30th May 2017

Location: Milton Keynes

Salary/Rate: £500 - £550

Type: Contract


MAIN RESPONSIBILITIES

IT Risk

* Accountable for the development and implementation of the IT Risk Strategy, IT Risk Management policy and the design of IT risk processes

* Accountable for the adoption of IT risk management processes, and execution of continuous improvement activity to mature risk compliance processes across IT

* Oversees the implementation and delivery of IT risk management tasks based on the International Organisational Handbook (I-OHB) guideline and leading practices, which reference key regulations that need to be applied within VWFS UK IT

* Accountable for ownership and development of the IT Risk Treatment Plan, IT Risk Register and the assessment of risk maturity levels

* Accountable for the resolution of identified and assessed IT risks, requirements and compliance gaps; ensures engagement with Local Information Risk Officer (LIRO), Local Information Security Officer (LISO), Local Information Compliance Officer (LICO), Chief Information Risk Officer (CIRO), Chief Information Security Officer (CISO), and Access Identity Management (AIM) Authority to agree a resolution action plan and drive this through to successful implementation

* Oversight of regular risk compliance monitoring and maintenance of key risk documentation, whilst ensuring that there is consistent risk conformity across all of IT

* Accountable for regular reporting and monitoring of risk reports and dashboards to ensure transparency.

Access and Identity Management (AIM)

* Accountable for AIM across the VWFS UK business, reporting to BoM and VWFS HQ

* Owns the VWFS UK AIM strategy, validates its alignment to VWFS AG strategy and ensures that any modifications are thoroughly documented and communicated upon implementation

* Accountable for ensuring compliance across the VWFS UK business according to VWFS AG standards, BAFIN and other regulatory requirements

* Accountable for the execution and management of the yearly and bi-annual recertification process

* Leads the review and compliance of AIM security guidelines

* Accountable for the delivery of required checks on Segregation of Duties (SoD) conflicts to ensure appropriate implementation of SoD and compensatory controls

* Accountable for producing regular IT compliance reporting against AIM conformity on authorisation concepts (e.g. status of SoD conflicts, etc.)

* Responsible for the cohesive management of AIM, IT Risk, IT Audit and IT Compliance functions and team

Audit & Compliance

* Accountable for the establishment of an effective IT audit management framework to facilitate the identification, assessment, prioritisation and reporting of IT related audit and compliance activity within the organisation.

* Accountable for Compliance Maturity Model (MaRisk) activities carried out by the Local IT Risk Officer (a key Country leadership success measure), including oversight of activities undertaken outside of IT.

* Responsible for designing solutions to meet regulatory requirements and to provide quality assurance for audit and regulatory requirements e.g. COBIT, ISO27001/BAFIN/ECB.

* Performs a lead role in the IT Risk Committee, as part of the corporate governance framework, escalating critical IT Risk matters

* Owns the portfolio of identified IT audit actions, negotiating with Internal Audit (IA) and HQ Governance functions to enable prioritisation and provisioning of resourcing and funding requirements

* Responsible for agreeing the audit schedule; stakeholders are Internal Audit (IA), IT, BoM and other senior management functions relating to compliance, risk and audit (Risk, Compliance and Security)

* Presents progress on audit findings and implements a robust process for tracking corrective and preventive actions

* Accountable for reporting on the progress of audit and compliance activities to key stakeholders - this will involve planning, scheduling, and prioritisation with ITEXEC/Risk Committees to secure funding. The role holder will also lead resource planning, working with resource managers to track and steer delivery.

EDUCATION, TRAINING AND EXPERIENCE

Essential

* Strong people management experience, with good people development and operational experience.

* Proven skills and experience in IT Risk, Compliance, Security and Audit Management.

* Technical knowledge of best practices in the field of IT risk, identity management, etc.

* Expertise in FCA regulation and compliance

* Deep knowledge and practical experience in the subject area, gained from working for the in-house IT risk and compliance department of a regulated financial services company

* Excellent knowledge and understanding of IT risk and security frameworks and processes

* Knowledge of policies, standards and compliance frameworks relevant to Risk Management (e.g. COBIT, SYSC etc.).

Desirable

* CISM, CISSP, CRISC, CGEIT, Auditor certification or training.

* Financial planning and cost centre management.

* German Federal Banking Regulatory knowledge (BAFIN)

* Degree level qualified in management or technical/computing discipline
