IT Risk & Control Analyst

  • Salary:

    £35,000 - £40,000 + benefits

  • Consultant:

    Richard Abelson

  • Published:

    11 days ago

My client is a market-leading financial services organisation looking for an individual to support, define and audit IT operational and security controls so that they meet the defined Business Standards for IT Operations and Security and mitigate common operational IT risks.

Reporting to the Head of IT Operations, responsibilities will include:

  • To define the Group's IT control requirements that align to the requirements of the IT Operational and Security Standards set by their parent company
  • To support the implementation of process or system controls to meet defined IT Standards
  • IT risk event management and issue mitigation ownership
  • Conduct the testing of IT Controls
  • Continual assessment and auditing of the operation of controls owned by IT. Where controls are deemed ineffective, own and drive the mitigating actions to see they become effective
  • Providing guidance, feedback, and support across Group IT to ensure continuous identification, assessment, and mitigation of risk across the business
  • Conducting risk assessments of all IT-owned risks
  • Reporting of KRIs relating to IT-owned risks
  • Assist 2nd and 3rd line risk management teams with assurance activities and internal audits
  • Assisting external auditors when being audited
  • Risk Management statistical reporting for the Head of IT Operations, the IT team, and the wider business
  • To work with key stakeholders, including the Group Information Security Officer and external auditors, to support information requests and information security queries
  • Build valuable relationships with peers to understand best practices
  • To undertake projects as and when required, to support the needs of the business or to achieve departmental objectives


Key Requirements:

  • Previous working experience of 1st line IT risk management
  • Excellent stakeholder management skills
  • Ability to disseminate IT Risk Management Frameworks to several different stakeholder groups
  • Good technical understanding of IT operational and security controls
  • Ability to work independently with limited supervision
  • Previous working experience of control testing and assurance reviews
  • IT Risk Management
  • Excellent written and verbal communication skills
  • Excellent report writing skills and understanding of KRIs
  • Good understanding of IT operational and security architecture principles and processes
  • Good knowledge of IT Operations procedures and best practices
  • Excellent knowledge of Information Security risk assessments and the ability to identify and communicate risks, agreeing mitigating controls or formal acceptance of risks by the risk owner and controller
  • Sound knowledge of the creation, review, and approval of IT Operational and Security controls


The role will initially be home-based. Post-Covid, the company will be adopting a very flexible working approach which will combine a mixture of office and home-based working.

Salary is entirely commensurate with experience but will reflect the significance of the role. Benefits are comprehensive.