It And Cyber Controls Assessment Manager

This role is part of the Technology and Cyber Risk and Governance team, who are responsible for IT and Cyber risk and control processes including policy and promotion of a strong cyber security culture, assessment and reporting of cyber risk appetite and controls, internal security driven projects, performing targeted security assessments and Cyber oversight of critical third parties.

The role will manage a team that assess the strength of Cyber and IT controls across the bank. Working closely with application and infrastructure teams, this role will perform access recertification controls across key applications and infrastructure alongside other critical assessments such as toxic combinations assessments,

The primary location for the role will be Central London location.

This role coordinates the first line assurance function. The following attributes are key:

• An experienced user / administrator of Sailpoint, sufficient to run application and infrastructure recertifications.
• An experienced IT auditor skill to understand coordinate and lead first line control assurance over areas such as change control, provisioning and Segregation of Duties controls.

• Quality assurance: Level 5
• Plans, organises and conducts formal reviews and assessments of complex domains areas, cross-functional areas, and across the supply chain.
• Evaluates, appraises and identifies non-compliances with organisational standards and determines the underlying reasons for non-compliance.
• Prepares and reports on assessment findings and associated risks. Ensures that appropriate owners for corrective actions are identified. Identifies opportunities to improve organisational control mechanisms.
• Oversees the assurance activities of others, providing advice and expertise to support assurance activity.

• Plans and implements complex and substantial risk management activities within a specific function, technical area, project or programme.
• Implements consistent and reliable risk management processes and reporting to key stakeholders.
• Engages specialists and domain experts as necessary.
• Advises on the organisation's approach to risk management.

• Contributes to planning and executing of risk-based audit of existing and planned processes, products, systems and services.
• Identifies and documents risks in detail.
• Identifies the root cause of issues during an audit, and communicates these effectively as risk insights.
• Collates evidence regarding the interpretation and implementation of control measures. Prepares and communicates reports to stakeholders, providing a factual basis for findings.

Risk & Compliance

• Ensure that all Governance and Compliance requirements are adhered to and all reporting and reviewing activities required by the Regulatory Bodies are carried out to the standards required.

Essential

• Experience in Identity Management and Access Recertifications
• Experience with managing user access management controls and processes, access modelling methodologies (e.g. Role Based Access Control (RBAC), authorisation policy management, and risk-based methods of access lifecycle management for applications and data.
• Understanding of access governance around key financial applications, databases, and environments
• Excellent written and oral communication skills
• Ability to work independently within a defined remit, managing schedule and multiple objectives with minimal oversight

Desirable

• Experience with supporting compliance and security control implementation and evidence collection
• Working understanding of industry standards for technology processes and procedures and risk such as COBIT, ITIL, ISO2700x
• Experience with Attribute Based Access Control (RBAC) methodology
• Awareness of Access Management requirements impacting Financial Service Industry
• Knowledge across multiple technology and risk domains
• Awareness of the guiding principles and underlying requirements of compliance against regulatory requirements such as GDPR and PCI

Rullion celebrates and supports diversity and is committed to ensuring equal opportunities for both employees and applicants.