IT Risk Analyst

The Technology Risk team, which is part of the IT department, supports a broad range of applications, infrastructure and databases across London, New York and Asia and provides IT Risk and Control Governance, Identity and Access management and Cybersecurity support across the firm.

The IT Risk Analyst role sits within the IT department and supports the delivery of IT risk and control governance services globally. The role provides support in overseeing the control environment across multiple IT teams and assists in assessing technology risks across key applications, systems, and processes. The analyst will help maintain a clear understanding of the key areas of technology risk and contribute to ongoing monitoring and governance activities. Working closely with members of the Technology Risk team, including Cyber Security, and IT teams, the role supports the identification and tracking of remediation actions to address identified risks. The analyst also assists with the operation of risk governance processes and works collaboratively with colleagues in Operational Risk as well as Internal and External Audit.

• Support the operation of IT risk governance processes across IT teams including control assessments, risk committees, risk acceptances, risk register, risk remediation and action tracking.
• Assist with the identification, capture and ongoing management of IT risks raised by IT teams including risks arising from vulnerabilities, incidents and formal control assessment activities.
• Work in collaboration with IT teams to support the definition, tracking and monitoring of remediation actions addressing control weaknesses, including actions arising from vulnerability scanning or penetration testing.
• Support application and system control reviews as part of periodic control assurance activities.
• Assist in the production of monthly management information and reporting to support activities within IT risk management.
• Support the provision of technology risk and controls advice to IT teams and liaise with relevant control owners across the bank including Information Security and Business Continuity.
• Work collaboratively with Operational Risk and Internal and External Audit teams to support assurance and governance activities.

We’re looking for the following skills and experience:

• Professional Qualifications CISA/RiskIT/CISM/CISSP/CSSLP (Desirable).
• Knowledge of technology risk and control taxonomies and the industry standard frameworks (COBIT, ISO27001, ISO/IEC 27034).
• Experience working in IT with a risk or controls focus or in an internal audit function specialising in IT.
• Understanding of Software Development Lifecycles (SDLC) and IT General Controls (ITGCs).
• Excellent relationship management and collaboration skills and ability to provide appropriate challenge to IT colleagues on control design and operation and the tracking of any agreed remediation activities.
• Understanding of audit requirements and ability to provide accurate and timely information to requests.

ICBC Standard Bank Plc (ICBCS) is a leading financial markets and commodities bank, driven to deliver the right outcomes for our stakeholders, clients, counterparties and markets. We benefit from a unique Chinese and African parentage and an unrivalled global network and expertise. We’re headquartered in London, with operations in Shanghai, Singapore and New York.

We’re a diverse and close-knit global team. We put people first, giving talented, self-driven professionals the flexibility, rewards and freedom to grow their expertise and realise their potential. Our vision statement, "Be Yourself, Succeed Together" underpins our drive for an open and transparent culture which values difference, enabling everyone to thrive whilst being themselves. We have an active E, D&I forum and we’re growing other employee network groups, including for women and neurodiversity. We’re committed to the principle of equal opportunities. All applicants will be treated equally and will be considered on their merits and skills without discrimination.

What’s in it for you?

• Financial market-based pay based on skills and experience, discretionary annual bonus, pension contribution 10% (employee contribution 5%), travel insurance, life assurance and income replacement insurance.
• Hybrid working - the option to work remotely up to two days per week, depending on the role.
• Family - 6 months fully paid maternity leave and enhanced shared parental leave. Coaching for family leave returners and access to emergency care via My Family Care. Miscarriage and menopause policies.
• Wellbeing - private medical insurance, Bike2Work scheme, health and fitness subsidy, holiday exchange and an Employee Assistance Programme.
• Community - paid volunteering leave and Give As You Earn scheme. Vibrant CSR and engagement forums and fundraising for our charity partners.
• Development - a suite of opportunities to build the skills you need to excel in your role.

If you’re excited about becoming part of our team, get in touch. We’d love to hear from you!