- Technology and Cyber audit finding specific duties:
- Be the ICS risk management lead supporting validation of internal audit findings and the appropriate remediation approach by Technology and Cyber functions to treat the risk within acceptable risk-based timelines
- Become an SME on the Internal Audit processes and schedules, and support functional leads in agreeing remediation plan timelines based on the end-to-end internal audit processes
- Analyse audit findings to identify generic indicators of risk, control design and effectiveness which might be systemic.
- Perform oversight of reporting of internal audit findings and provide constructive feedback and challenge.
- Be a point of contact to Technology and Cyber colleagues who might need some support in effective management of risk from internal audits.
- Be a point of contact for Internal Audit if they perceive any issues potentially affecting the timely completion of the audit findings.
- Support development of KRIs to help Technology and Cyber functional management effectively manage risk raised from internal audit findings.
- Support the consideration of MAP findings and how these align to technology and cyber control design and effectiveness verification and how these might impact the technology and cyber risk profile.
- Support performing risk identification, assessment, treatment, reporting and governance processes relating to effective management of technology and cyber risk.
- Support the management of the Technology and Cyber Risk Management Frameworks and related automation of processes.
- Support the building of an effective culture of technology and cyber risk management through awareness and education.
- Experience of technology and cyber internal audits within the structure of 3 lines of defense
- Knowledge and experience of technology and information and cyber security risk and controls frameworks and related processes
- Experience of implementations using Agile approach and practices
- Experience of technology and cyber risk and issue management
- Knowledge of a GRC tool such as Riskonnect would be an advantage
- Knowledge and understanding of Information Security Frameworks and standards (FFIEC, NIST, ISO etc.)
- Excellent communication skills, especially written English
- Strong stakeholder management, ability to foster and grow relationships, constructive challenge and negotiation skills.
- Detail-oriented and capable of delivering at a high level of accuracy
- Experience of analysing reporting submissions for completeness and accuracy, and addressing areas of concern with contributors
- Proven ability as a team member with ability to prioritise conflicting deadlines and priorities, and respond quickly to changing priorities and work effectively on their own initiative
- Able to interpret & present data and information in the appropriate format for different audiences
- Educated to degree level or equivalent
- Hold professional qualifications in a relevant subject; for example, CRISC, CISSP, CISM, CISA
- Experience in a technology role, with proven experience of active management of technology and cyber risks (for example, in projects, technical SME areas etc.).
- Experience of working within a global financial organisation
- Resourcefulness and organizational agility
- Global team player with good interpersonal and influencing skills
- Conflict management resolution (options analysis)
- Customer focus, integrity and trust
- Personal learning & development