- Processing day-to-day operational and information security technical IT risks / IT exceptions within the IT Risk Register.
- Assisting the IT risk owner with assessing technical IT risks and documenting remediation plans.
- Establishing formal reporting of technical IT risk within Group IT and to 2nd line.
- Assisting with annual Group IT operational risk assessments.
- Supporting IT control compliance activities, e.g. annual review of IT controls, including assessing the maturity score.
- Assisting IT control owners with the ongoing self-assessment of IT controls to assist with 2nd line permanent control checks.
- Coordinating IT control attestations within Group IT and with third party service providers.
- Assisting with the implementation of the IT risk and IT control management frameworks.
- Conducting governance reviews.
- Documenting IT risk and IT control management processes.
- Supporting formal GRC reporting activities.
- 3-5+ years of Information Security Governance, Risk and Compliance experience.
- Knowledge of information security risk management frameworks and compliance practices.
- Exposure to and understanding of IT Infrastructure and Business Applications areas.
- Experience of working with Internal and External audit teams.
- Proven ability in working across multi-disciplinary and multi-cultural, diverse environments.
- Excellent written and oral communication skills, with strong interpersonal skills at all levels.
- Knowledge of and familiarity with the DORA regulation is desirable.
- Industry-recognised technical certifications such as ITIL, CISSP or similar are desirable.