IT GRC Associate

Full-Time No working from home possible
ARC IT Recruitment

About the Company


A well‑established and highly regarded financial services organisation in the City of London is looking for an experienced Lead IT GRC Specialist to take on a broad, senior‑level role spanning risk, controls, and governance across a complex global IT environment.


About the Role


This is a substantive position, not a support role. You'll own BAU risk management activities, lead periodic risk assessments, drive control framework development, and act as the primary bridge between first‑line IT and second‑line functions including Information Security and Operational Risk. The organisation operates across multiple geographies with outsourced IT infrastructure partners, so you'll need to be comfortable navigating that kind of complexity from day one.


Responsibilities



Governance

  • Lead the development and continuous improvement of IT risk and control governance methodologies

  • Provide change governance oversight across IT programmes and transformation initiatives

  • Produce senior stakeholder reporting on risk posture, control effectiveness

  • Maintain repeatable BAU governance documentation including methodologies, processes, and guides

Risk

  • Own and deliver BAU IT risk management, from identification and assessment through to tracking and closure

  • Lead periodic risk assessments across critical applications, infrastructure, cloud environments, and operational risk

  • Embed risk management into change processes for new and evolving systems

  • Coordinate second‑line risk reviews and manage responses to findings and recommendations

Compliance

  • Support the design and implementation of IT controls, ensuring they are clearly defined, measurable, and auditable

  • Drive control effectiveness and maturity assessments, identifying gaps and improvement opportunities

  • Coordinate control attestations and self‑assessments across Group IT

  • Ensure alignment with internal policies, regulatory requirements (including DORA), and audit expectations


Qualifications


  • Significant experience in IT GRC, risk management, or information security governance

  • Strong grounding in IT and information security risk frameworks, particularly ISO 27001 and NIST

  • Practical experience in IT controls management, including design, documentation, assessment, testing, and attestation

  • Familiarity with L1 to L3 control frameworks and experience building or enhancing control methodologies

  • Experience working alongside second‑line functions and managing audit and review cycles

  • Ability to translate technical risk into clear, business‑relevant language for senior audiences

  • Confidence engaging with, and constructively challenging, stakeholders at all levels

  • Background in regulated, complex, or outsourced IT environments is a strong advantage

  • CRISC, CISSP, or similar certifications are desirable; French or German language skills a


Pay Range and Compensation Package


to circa £95k plus banking bens and bonus


£80 - 90k base with bo


Equal Opportunity Statement


We are committed to diversity and inclusivity in our hiring practices.


Contact Details:

ARC IT Recruitment Recruitment Team