Find a job 
Featured Companies 
Featured Universities 
For Companies At a Glance
- Tasks: Lead and execute enterprise risk management, ensuring compliance with evolving regulations.
- Company: Join Vanguard, a mission-driven company with a collaborative culture.
- Benefits: Enjoy hybrid working, competitive salary, and opportunities for professional growth.
- Why this job: Make a real impact in technology risk while shaping the future of compliance.
- Qualifications: 3-5 years in IT audit or risk management; strong knowledge of IT control frameworks.
- Other info: Dynamic role with excellent career advancement opportunities in a fast-paced environment.
The predicted salary is between 36000 - 60000 £ per year.
Role summary
Leads and executes the enterprise risk management framework in accordance with the divisional implementation plan. Provides oversight and guidance to the enterprise, division, and subdivision through the creation and application of standard and customized content, reporting and business analytics.
Vanguard is seeking a diligent and technically astute IT Control Tester (S2) to join our Technology Risk function in Manchester. This role is fundamental to maintaining trust with our clients and regulators by providing assurance on the technology control environment. You will be responsible for the end-to-end lifecycle of IT control assurance, from planning and executing tests to advising on control design. You will play a pivotal role in implementing our European IT control testing framework and future-proofing our control environment against a dynamic landscape of current and emerging regulations, including the EU\\\’s Digital Operational Resilience Act (DORA), the EU AI Act, and evolving data privacy frameworks.
This position is ideal for a professional with a strong background in IT audit or risk who is eager to take on a hands-on role in a complex and ever-evolving regulatory environment.
Key Responsibilities
- Test Planning & Scoping: Develop and maintain the annual IT control testing plan. Define the scope, objectives, timing, and methodology for each control test based on risk assessments and regulatory requirements.
- Control Evaluation & Execution: Execute detailed walkthroughs and testing of key IT general controls (ITGCs) and application controls identified in the Risk and Control Self-Assessment (RCSA) to validate their design and operating effectiveness.
- Framework Implementation & Enhancement: Drive the implementation and continuous improvement of the IT Control Testing Framework across our European entities, ensuring alignment with global standards and local regulatory nuances.
- Control Library & Regulatory Watch: Proactively monitor the regulatory landscape and translate requirements from current and emerging technology regulations into tangible, testable controls. Key regulations include, but are not limited to:
- Operational Resilience & Cybersecurity: DORA and FCA Operational Resilience rules (SYSC), intra-group and third party oversight controls
- Data Privacy & Governance: GDPR, UK GDPR, and the EU Data Act
- Emerging regulations: The EU AI Act, CTP
What It Takes: Core Competencies
Essential Experience & Skills
- A minimum of 3-5 years of experience in IT Audit, IT Risk Management, or Technology Control Testing within the financial services or a similarly regulated industry with preferred Big 4 experience.
- Strong practical knowledge of IT control frameworks, such as COBIT, NIST Cybersecurity Framework, and ITIL.
- Strong working knowledge of key regulations governing technology and data in financial services, such as SOX, GDPR, DPA and the DORA. Demonstrable understanding of the impact of major emerging regulations like the EU AI Act.
- Demonstrable experience testing controls across key IT domains, including cybersecurity, cloud environments (AWS/Azure), DevOps, change management, access management, and IT operations.
- Hands-on experience using GRC platforms (Archer) for control management and testing.
- Bachelor\\\’s degree in Information Technology, Cybersecurity, Computer Science, or a related field.
Desirable Skills
- Professional certification such as CISA (Certified Information Systems Auditor), CRISC (Certified in Risk and Information Systems Control).
- Direct experience in the asset management sector.
- Experience performing readiness assessments for new or upcoming regulations.
- Excellent communication skills, with the ability to articulate complex technical issues to both technical and non-technical audiences.
How We Work
Vanguard has implemented a hybrid working model for the majority of our crew members, designed to capture the benefits of enhanced flexibility while enabling in-person learning, collaboration, and connection. We believe our mission-driven and highly collaborative culture is a critical enabler to support long-term client outcomes and enrich the employee experience.
Seniority level
- Mid-Senior level
Employment type
- Full-time
Job function
- Management and Manufacturing
Referrals increase your chances of interviewing at Vanguard by 2x
Get notified about new Control Analyst jobs in Manchester, England, United Kingdom.
#J-18808-Ljbffr
Risk and Control Analyst, Specialist employer: Vanguard
Contact Detail:
Vanguard Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land Risk and Control Analyst, Specialist
✨Tip Number 1
Network like a pro! Reach out to folks in your industry on LinkedIn or at local meetups. A friendly chat can lead to opportunities that aren’t even advertised yet.
✨Tip Number 2
Prepare for interviews by researching the company and its culture. Tailor your answers to show how your skills align with their needs, especially around IT control frameworks and regulations.
✨Tip Number 3
Practice makes perfect! Do mock interviews with friends or use online platforms to get comfortable discussing your experience in IT audit and risk management.
✨Tip Number 4
Don’t forget to apply through our website! It’s the best way to ensure your application gets seen by the right people. Plus, we love seeing candidates who are proactive!
We think you need these skills to ace Risk and Control Analyst, Specialist
Some tips for your application 🫡
Tailor Your Application: Make sure to customise your CV and cover letter to highlight your experience in IT audit and risk management. We want to see how your skills align with the specific responsibilities mentioned in the job description.
Showcase Your Technical Skills: Don’t forget to emphasise your knowledge of IT control frameworks and regulations like GDPR and DORA. We’re looking for someone who can demonstrate a solid understanding of these areas, so make it clear in your application!
Be Clear and Concise: When writing your application, keep it straightforward and to the point. We appreciate clarity, so avoid jargon and ensure your key achievements stand out. This will help us quickly see why you’d be a great fit!
Apply Through Our Website: We encourage you to submit your application through our website. It’s the best way for us to receive your details and ensures you’re considered for the role. Plus, it’s super easy to do!
How to prepare for a job interview at Vanguard
✨Know Your Regulations
Familiarise yourself with key regulations like DORA, GDPR, and the EU AI Act. Be ready to discuss how these impact IT control testing and risk management. Showing that you understand the regulatory landscape will impress your interviewers.
✨Demonstrate Technical Knowledge
Brush up on IT control frameworks such as COBIT and NIST. Be prepared to explain how you've applied these in past roles, especially in testing controls across various IT domains. This will showcase your hands-on experience and technical acumen.
✨Prepare for Scenario Questions
Expect scenario-based questions where you'll need to demonstrate your problem-solving skills. Think of examples from your previous work where you identified risks or improved control environments. Use the STAR method (Situation, Task, Action, Result) to structure your answers.
✨Engage with Stakeholders
Highlight your experience in collaborating with different teams, such as technology owners and internal audit. Discuss how you’ve effectively communicated complex issues to both technical and non-technical audiences. This shows your ability to work in a team-oriented environment.
