Expleo

Risk Audit Analyst

Job Locations: IN-KA-Bangalore
Job area: IT & Digital
Employment type: Permanent
Workplace: Hybrid
ID: 2025-42758

Overview

 

Risk, Security & Compliance Function:

The Risk & Compliance function is in the process of being matured with regard to both frameworks and BAU processes, so there is significant breadth in what we get involved in. We cover Operational Risk throughout the business with a strong focus on IT & Security risks, both within our Product development and Service Management, as well as Internal IT and Security.

Whilst they build frameworks and processes around control assessments, risk registers and incident management, they are also regularly called on to be risk & compliance SMEs, providing guidance and approval in multiple areas of the business. Although they are not regulated, their customers are, so their team is here to mature the risk management practices to support and improve their products to make them ‘best in market’ from both a risk and a compliance aspect. They are also working to expand their ISO Certification framework across all their products.

This is an exciting time to join and make the improvements your own and bring your ideas to life. Being a small firm, our work is not restricted to one specialism, and we get involved across multiple areas of risk across the business from DevOps, Cloud Ops, Service Management and Internal IT & Security. You will be able to draw on your existing experience, as well as build in multiple areas, developing the framework and getting involved in BAU processes with multiple departments.

The vision is to build a framework that covers the business, with appropriate tools in place to ensure risk management is embedded and utilised. Our path to maturity is to build controls and risk management to enable ISO and NIST certification and comply with the wider SCF.  

Responsibilities

  • Self-starter with a proactive & curious mindset and an eye for detail
  • Able to partner with stakeholders, both in the team and wider in the business, and build relationships
  • Experience with IT control standards such as ISO27001, SCF, ITGCs, ISO, COBIT, NIST
  • Experience in IT risk, preferably in LoD 1, and technical IT risk skills are desirable
  • Cloud Tech experience is a plus, and audit experience is a must
  • Self-motivated and independent worker who is self-sufficient and able to work in a small team
  • Able to see the bigger picture of how the framework fits together and raise issues and help remediate them
  • @5 years operational/ IT risk experience desirable.

What you will be doing:

  • Client Compliance & Audit: assist the Lead Auditor managing the client audit and compliance frameworks. Complete DDs, manage Risk Ledger portal, validate audit evidence and provide admin support on the audits
  • Risk Management admin: provide admin support in managing the risk framework. This includes work around the risk register, time keeping, Policy framework, Op Res framework (BIAs) and Third Party Matrix management and due diligence (incl. collection of Certification/ Insurances)
  • Data management admin: provide assistance in building out this framework to include ROPAs, data mapping and documentation.

Essential skills

  • Experience with IT control standards such as ISO27001, SCF, ITGCs, ISO, COBIT, NIST
  • Experience in IT risk, preferably in LoD 1, and technical IT risk skills are desirable
  • Cloud Tech experience is a plus, and audit experience is a must
  • Client Compliance & Audit: assist the Lead Auditor managing the client audit and compliance frameworks. Complete DDs, manage Risk Ledger portal, validate audit evidence and provide admin support on the audits
  • Risk Management admin: provide admin support in managing the risk framework. This includes work around the risk register, time keeping, Policy framework, Op Res framework (BIAs) and Third Party Matrix management and due diligence (incl. collection of Certification/ Insurances)
  • Data management admin: provide assistance in building out this framework to include ROPAs, data mapping and documentation.

Desired skills

  • Experience with IT control standards such as ISO27001, SCF, ITGCs, ISO, COBIT, NIST
  • Experience in IT risk, preferably in LoD 1, and technical IT risk skills are desirable
  • Cloud Tech experience is a plus, and audit experience is a must

Experience

  • @5 years operational/ IT risk experience desirable
