IT, Risk, Governance & Cyber Analyst
£40-45,000 plus package
Redhill, Surrey
Hybrid (2+ days a week in the office)
One of the UK’s Leading Motor Finance companies is currently looking for an IT, Risk, Governance and Cyber Analyst to join them.
The purpose of this role is to support the eCISO, IT Risk & Governance Manager with managing IT Risk, governance, controls and cyber security.
The job holder is responsible for ensuring that all IT and Cyber risks are identified and proactively managed with regular reviews, mitigation plans and respective performance metrics; for ensuring that all Controls are tested at least annually; and for ensuring an appropriate IT Governance Framework is in place and that the respective IT functional heads have the correct IT policies, procedures, standards, RACI charts and practices for conformance with the IT Governance Framework and mandatory legislation and regulations as necessary. In addition, the job holder supports the delivery of education and awareness for employees as it relates to IT Risk and Cyber Security.
Responsibilities will include:
• Identify, assess, manage, and report on all IT Risks in line with recognised good practice and 2LoD expectations. Ensure that all pre- and post-mitigation impacts are regularly re-assessed, all published mitigation activities are in place, all new risks are logged in Heracles in a reasonable timeframe, and that the CIO, IT Leadership Team and relevant business stakeholders have the appropriate visibility.
• Perform control testing throughout the year to ensure all controls are tested at least annually. Ensure they have any required action plans in place and all evidence is stored in a central repository.
• Perform gap analysis against all new and updated internal policies and ensure appropriate action plans are implemented to address any gaps. Ensure all policies are approved in the relevant committees/forums and published in a central repository.
• Keep current and monitor performance against an IT Governance Framework suitable for the business.
• Support other team members with audit and compliance enquiries. Ensure that these control functions have appropriate access to the department in accordance with the published audit reporting schedule/plan and monitor and track all associated IT remedial activities to completion and agreed deadlines.
• Be the primary contact for IT related P3+ incidents and ensure they are logged in Heracles in accordance with group policy. Be the primary contact for Operational Risk to ensure all relevant information is captured and reported in a timely manner.
• Support the team in the maintenance and production of appropriate IT & Cyber performance reporting (metrics) and relevant alignment with the requirements of HQ in Spain. Ensure adequate action plans are in place for those that are out of appetite and ensure all metrics are uploaded monthly as per Group requirements.
• Design, plan and execute local Ethical Phishing campaigns and ensure the results of both local and Group campaigns are followed up on, shared and reported to the relevant people in line with the consequence management process. Publish all results on the local intranet and in relevant forums and committees.
• Design, plan and publish relevant and up-to-date cyber awareness articles on the local intranet, ensuring alignment with SanUK.
• Deliver monthly cyber awareness training for all new starters and for those who need a refresher, both in-person and virtually. Keep a register of those who have participated and follow-up on those who do not attend.
• Responsible for vulnerability management reporting and liaison with both internal and external suppliers to ensure remediation is completed to meet SLA.
• Assist the eCISO, IT Risk & Governance Manager in producing the monthly reporting for all the relevant committees and forums.
• Be a single point of contact for Product Team Leads to assist in guidance through Governance forums and committees.
What we’re looking for:
• Proven practical experience in a similar role, with demonstrable experience of developing, implementing, managing, monitoring and testing tailor-made controls adapted to the organisation served.
• Proven experience and ability in dealing with staff at all levels of a similar-sized organisation or larger.
• Excellent written and verbal communication skills.
• Excellent emotional intelligence, influencing and collaboration skills.
• Excellent presentation skills to enable effective delivery of Cyber awareness training.
• Ability to feedback on governance, risk, cyber and compliance issues in a structured manner and adapt good practice to meet the needs of the business.
• Demonstrated initiative and commitment for results and the ability to set priorities and manage multiple initiatives.
• Ability to adjust to changing priorities while multitasking effectively.
• Flexible and adaptable; able to work in ambiguous situations.
• Solid work ethic with attention to detail and commitment to results.
• Confident and effective problem solver and decision maker.
• Solid Microsoft Excel skills to enable the creation and production of regular complex reporting for key stakeholders.
• Industry-standard qualifications in IT control and audit frameworks such as COBIT, CRISC, ISO2700X or ITIL are essential.
Benefits include:
• Competitive salary dependent on experience
• 27 days holiday per annum, plus bank holidays
• Annual bonus based on personal and company performance
• £500 flexible benefit allowance
• Generous pension contributions
• Employee assistance programme
• Enhanced family-friendly policies
• Sharesave scheme
• Gym passes at a reduced rate for 3,000 gyms, leisure centres etc.
• Local retail and high street brand discounts