IT RISK GOVERNANCE OFFICER - STAINES - 45k
An exciting opportunity has arisen for an IT Risk Analyst to join the second line IT Risk team at our client, a multinational energy firm based in Staines.
You'll be using your expertise to enable the effective management of risk and provide functional assurance over related controls for IS in line with risk appetite.
You will also engage with key stakeholders to manage, maintain, assess and monitor the risk and control framework and provides timely reporting to relevant stakeholders.
You'll also deliver the risk and assurance activities to provide overall assurance over the key services delivered by the IT function and support compliance with external requirements including external and internal audits.
On top of the above, you'll support the IT Risk strategy and plan, including:
* Alignment of work to Group Policy and Standards
* Evaluating and identifying new and current IT risks using both internal and external sources
* Reviewing the effectiveness of IT controls against the changing risk landscape to evaluate changes in residual risk
* Identifying opportunities for IS process improvement
* Working with stakeholders to advise and provide guidance about the application of IS policies and standards and risk and control management processes
* Creating reports, dashboards and related communications to report on risks and controls assurance for stakeholders
* Reviewing and dispositioning risk exception requests in accordance with policy and standards
* Advising the IT function regarding policies and standards and helping control owners address control gaps via identification of possible compensating controls
You'll have some of the following competencies
* Good understanding of Information technology governance, IT risk management and assurance, including Governance, Risk and Compliance platforms
* Knowledge of standards, frameworks, methodologies and leading practices related to IT risk and controls identification, assessment, evaluation, response and monitoring
* Knowledge of risk registers, as well as identification, assessment and mitigation methodologies
* Ability to grasp the interdependencies of key IT processes and workflows, external market factors and influences that drive the organisation, and apply these to the identification of effective risk and controls
* Understanding of the Information Security Forum (ISF) controls framework
* Demonstrated ability to work in teams, with the ability to effectively prioritise work/delivery commitments to achieve timely and effective outcomes
* Influencing key stakeholders to mitigate risks and meet compliance requirements
Certifications: Preferred, but not required certifications may include:
CompTIA Security+, Certified Risk Manager (ISO 31000), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA)
The role will be based in Staines and you'll be in the office Monday - Friday. Salary for the position is DOE up to 45k + flexible benefits + flexible working options.
To apply, please send a copy of your CV to Click here to contact this recruiter
or give Fran a call on [Telephone number removed]
for more information.
IT, Information Technology, Risk, Governance, Audit, Management, CompTIA, CISM, CISA, Policies, Staines, Middlesex, Sussex, London, Information Security, Job, Full Time