IT Risk Lead

IT Risk Management Lead This is a hybrid role and would require you onsite in Brentwood 2 days per week. Our client is looking for an IT Risk Management Lead who will be responsible for monitoring IT risks and ensuring that all controls are functioning effectively and routinely. You will also manage each risk event from identification to conclusion, identifying any weaknesses in the control environment and putting into place actions to correct. Review and log all IT risks according to the ISO27001 framework, updating the Information Security Management System risk registers accordingly. Prepare a monthly report for the CIO on highlighting a prioritised set of current risks Develop and maintain a register of all IT controls to ensure that they are routinely tested and working effectively. Work with the second line Risk Function to ensure that they have the necessary reporting to assess the IT risk to the organisation. This includes but is not limited to maintaining the Risk and Self Certification Assessment regime. Integrating the detailed IT risk management framework with the Risk function’s risk appetite and other metrics. Defining and agreeing IT risk metrics with the Risk function and monitoring the effectiveness of these metrics regularly. Be responsible for the management of all risk events in accordance with the procedures from the Risk Function. This includes initial logging, root cause analysis and identifying actions to implement and/or enhance controls to final reporting to the CIO on status. Review remediation plans following any risk events Reviewing environmental/regulatory changes that may pose IT risks: For example, reviewing proposed changes to the Microsoft Office 365 environment. Reviewing regulatory driven changes and the impact these might pose. Work closely with the IT Infrastructure manager to provide cover in extended periods of absence/holidays. Influence design of IT change and solutions Provide oversight of control environment of outsource IT partners Assist in development of BCP planning and interpreting test results Ad hoc duties as required. Extensive experience working in IT infrastructure/management roles. Experience working in Financial Services/regulated environments Demonstrated experience in disaster recovery planning and business continuity Familiarity with regulatory compliance standards e.g. Proactive approach to identifying and addressing potential IT risks Relevant experience within an audit, and/or risk management role. Pension contribution 5% or more by employee, 10% employer ~28 Days Annual Leave ~ Sick Pay – 26 weeks full pay/26 weeks ½ pay (after 12 months service) ~