Tech Risk and Controls Analyst
Remote with ad hoc travel
Reporting to the ITGC Manager on the Finance Transformation Programme, the Tech Risk & Controls Analyst is the primary lead for validation testing of key IT controls pertinent to our internal controls over financial reporting. The role will support our IT stakeholders in maturing their processes and controls through periodic assessments and validation of supporting evidence to demonstrate design/operating effectiveness.
This is a key role on the IT Controls team that will require a detailed understanding of our systems architecture and applications across each business unit. It will be involved in all aspects of internal controls over financial reporting from a systems perspective including risk assessments/scoping, planning, documentation, controls testing and follow ups to ensure mitigation of identified control gaps.
This role will require significant engagement with stakeholders across Finance and IT at Group and Business Unit level and there may be occasional travel expected to some of our key locations.
· Supports the ITGC Manager in the development and maintenance of a controls culture across our clients IT, including continuous communication with system and control owners across the function
· Supports the shaping/development and continuous improvement of the controls framework across core business processes and systems.
· Engages with control owners/operators to test IT controls on key finance systems and improves the facilitation of testing and audits (including those managed by third party suppliers)
· Reviews, evaluates and documents internal controls including the adequacy of documentation and design effectiveness through review of documents and meeting control owners.
· Completes controls testing work papers by documenting results, findings and recommendations
· Collaborates with senior stakeholders in IT to deliver the controls testing plan, ensures risk remediation/control improvement activities are addressed through to completion,
· Advises and collaborates on FT programme initiatives by providing IT controls expertise and considerations
· Understands and can communicate the downstream impact on the business for IT control deficiencies
· Engages with Internal and External Audit teams to corroborate IT control issues and ensures alignment and consistency in recommended actions
· Supports in the preparation of reporting packs for various governance committees across the Finance Transformation programme.
Experience & Skills:
· Credible & proven ability to lead, mobilise and partner with senior stakeholders within a fast-paced business
· Has a clear passion for Technology audit/assurance and demonstrable experience of managing delivery in a relevant tech risk and control's function, including knowledge of key control areas in cyber; IT resilience, operations and change management.
· Well versed in risk management and controls has a sound understanding of regulatory compliance frameworks such as GDPR, ISO27001/27002, PCI DSS, CIS 20, NIST CSF, Cyber Essentials, COBIT, ISF etc (preferred but not essential)
· Knowledge of Sarbanes-Oxley general IT control areas
· Looks for new and creative ways to solve problems of improve processes for technology
· Can demonstrate the communication of complex technical matters to both tech/non-tech audiences
· Can easily navigate internal/external audit & assurance engagements, along with supporting controls testing & evidencing requirements
· Knows how to prioritise workload demand and can engage all relevant stakeholders that need to know what is expected of them
· Ability to identify key issues, & can communicate them to stakeholders leveraging colleagues as needed to find solutions
· Data driven, analytical, assertive and results orientated
· Former professional services and consulting experience preferred
· CISA, CISM, CISSP, CRISC (preferred but not essential)
ersg are an equal opportunities employer; we are committed to promoting equality of opportunity for all job applicants. We do not discriminate against applicants on the basis of age, sex, race, disability, pregnancy, marital status, sexual orientation, gender reassignment or religious background; all decisions are based on merit.