IT Risk and Controls Manager

Location: London, Hybrid Contract FTC - 9 Months

Overview: This role will demonstrate clear ownership for EITS Risk and Controls and deliver ongoing management of policies, procedures, risk reviews and a quarterly plan to address specific actions in this area. This is important to ensure consistency across all areas of the EITS department, that controls remain active and up to date and we align to Enterprise Risk governance.

Role Responsibilities:

• Risk Management Framework: Develop and implement a comprehensive risk management framework that aligns with the organization’s strategic goals and objectives. This will be aligned to COBIT but also take into account other frameworks in use such as NIST and ITIL.
• Stakeholder Engagement: Engage with external stakeholders, including the Head of Risk Assurance, the Risk Assurance team and our internal audit partners, to ensure effective communication and compliance with risk-related policies and processes. Ensure that any change in regulation, that impacts EITS, is assessed and actions managed to completion.
• Risk Assessment: Identify, assess, and prioritize risks across EITS Pillars, including financial, operational, regulatory, reputational and strategic risks. Ensure these are documented in the appropriate Risk Register to a high standard and regularly assessed and attested.
• Risk Mitigation: Develop and implement risk mitigation strategies, controls and action plans to minimize potential negative impacts on the organization. Ensure that any required actions are maintained on the correct EITS backlogs and planned according to the EITS Change Delivery process.
• Policy Management: Establish a baseline of IT Policies, Processes and Standards. Develop a policy management process that maintains that baseline based on both the needs of the Business and required alignment to changes to meet regulatory and compliance needs.
• Risk Reporting: Prepare and present regular risk reports to EITS Leadership and Management, highlighting key risks, trends, and mitigation strategies. Establish a reporting line to Enterprise Risk Assurance, and relevant governing bodies, and provide reports to the correct level and cadence.
• Major Incident Reporting: Own the Major Incident Reporting process. Lead the post incident activity to ensure all Major Incidents are documented in line with Enterprise Risk guidelines and deliver a report to the MDU Executive detailing the incident, root cause and follow on actions. Manage a backlog of follow actions and track them to completion.
• Training and Awareness: Develop and deliver risk management training programs and workshops to enhance risk awareness and capability across the department.
• Collaboration: Represent IT Risk within the MDU to ensure that new risks being introduced by new Projects, or other business activity, and any changes to existing risks, or controls, are transitioned into the EITS Risk, documented correctly and managed in accordance with EITS process.
• MDU Audits: Work with Risk Assurance to establish a backlog of planned audits that is planned in accordance with EITS delivery processes. Assist internal, and external, audits by coordinating required interviews and the provision of artifacts for the EITS department.

Skills and Experience:

• Experience in operational risk management compliance, or governance role, within financial services or high regulation sector (for example Pharmaceuticals).
• Demonstrable working knowledge of common IT processes and department functions.
• Working knowledge of a recognised Risk Management Framework, such as NIST, or as part of a more general framework such as COBIT (preferred).
• Excellent communication and influencing skills, with the ability to engage stakeholders at all levels.
• Experience in building risk dashboards and analytics.
• Proficiency in Microsoft Office tools (Excel, PowerPoint, Word).
• Working towards or have achieved a risk qualification.