Senior Compliance Analyst in Coventry

As a Senior Compliance Analyst, you’ll play a key role in driving the compliance assurance programme and will be responsible for delivering, monitoring and reporting on the annual testing programme on IT controls and Information Security (IS) control requirements. You’ll be responsible for driving continuous maturity and improvement; and you’ll support the delivery of operational effectiveness testing controls. You’ll be responsible for defining the controls testing roadmap, and communicate this with key stakeholders and senior management, as well as driving and reporting on key outputs and remediation activities. Additionally, you’ll recommend and drive process enhancements across key control areas, whilst seeking out opportunities to drive compliance activities that support the broader compliance strategy.

What you need to do

• Responsible for delivering the annual assurance programme such as across IS and IT controls, including developing testing scenarios to support design and operating effectiveness testing.
• Own and manage the assurance testing roadmap and schedule, and provide key support to the overall Compliance strategy.
• Responsible for analysing the adoption of processes, documentation and controls.
• Contribute and deliver key reporting for the Audit Committee and Data Governance Committee.
• Drive and own the continuous assessment of IS and IT control effectiveness across the business, raising appropriate risks or defining remediation requirements.
• Responsible for driving remediation plans across the business to improve maturity, mitigations and reduce risk.
• Own and drive improvements to process and documentation, to support control testing and implementation of policy requirements.
• Responsible for ensuring the integrity and efficiency of audit records and compliance activity.
• Support with internal Data Governance and Information Security projects where necessary.
• Be the liaison and maintain a good relationship with stakeholders to drive resolutions to any issues.

What you need to know and show

Essential Criteria

• Demonstrable experience of delivering an assurance testing programme across industry frameworks and regulations, such as but not limited to NIST-CSF, Cyber Essentials, ITGC and ITACs, FRC/Corporate Governance Code, and other relevant frameworks and regulations for example COBIT2019 or COSO.
• Ability to collaborate effectively with a range of business stakeholders, and support the wider agenda.
• Pro-active in tracking upcoming industry changes, interpreting how these may impact the business and have the ability to implement where necessary.

Additional Criteria

• Demonstrate ability to learn and understand business processes particularly those covering Finance, Technology and Information Security.
• Previous experience of IT audit either within an external audit or an internal audit role would be desirable.
• Experience of working with internal/external auditors and ability to manage appropriate timelines, resolve findings and contribute to continuous improvement initiatives from audit outcomes.
• Ability to think methodically and logically; and communicate using spoken and written word.
• Familiar with standard IT and IS processes and controls such as identity and access, change management, third-party management.
• Be able to proactively identify and own any issues and follow through to resolve them.
• Ability to prioritise own workload and deliver quality results on time, and to budget.
• Certifications such as CISA and ISO 27001 Lead Auditor are desirable but not essential.

Support we will provide

• Your line manager will provide support and guidance.
• Access to the Compliance, ITGC, GRC, Finance, Data Governance and Infosec teams who have a wide array of skills and knowledge.
• Extensive support and training materials available relating to NIST, IT General Controls, PCI-DSS and GDPR.
• Other resources as required.