Risk & Controls Analyst

Risk Analysis: Assisting GTS stakeholders with IT operational risk assessments to identify potential vulnerabilities and threats to our IT systems and infrastructure. This involves analysing the impact and likelihood of risks and evaluating the effectiveness of existing controls using the Group Enterprise Risk Management Framework.

- Risk Mitigation: Working with the GTS Risk & Compliance Lead, Risk Manager, Compliance & Controls Manager and Risk Raisers and Owners to develop and suggest mitigation plans and strategies based on the analysed risk, to minimise their likelihood and impact. This may involve developing policies, procedures, and controls to address specific risks, such as data breaches, system failures, or cyber-attacks.

- Risk & Controls Reporting: Providing the GTS Risk & Compliance Lead, Risk Manager and Controls & Compliance Manager with up-to-date, accurate and reliable information on risk and their profile to feed in to monthly and quarterly reporting to senior management and stakeholders.

- Training and Awareness: Promote a Risk Culture to educate colleagues and stakeholders on IT risks and best practices. This includes promoting a culture of security awareness and ensuring that employees understand their role in protecting our IT systems and data.

Are you passionate about safeguarding IT systems, mitigating risks and developing controls? We are seeking a detail oriented Risk & Controls Analyst to play a vital role in identifying, assessing, and managing IT operational risk & controls. Working within the Group Technology Services (GTS) Risk & Compliance team, you will assess potential vulnerabilities, develop robust mitigation strategies, and ensure accurate reporting to senior stakeholders. Additionally, you'll champion a strong risk-aware culture by educating colleagues on best practices, all while leveraging the Group Enterprise Risk Management Framework to protect our systems and data from evolving threats., Some important behaviours for a Risk & Controls Analyst include being detail-oriented, proactive, ethical, and having a strong sense of integrity. You should be able to prioritise tasks and work well under pressure. While pre-requisite knowledge of risk & controls management would be desirable, it is not essential. Having the following would help you succeed in this role:

- A solid background in information technology and an understanding of various IT systems, infrastructure, and technologies and how these interact with each other to effectively assess IT-related risks. Familiarity with cybersecurity, data protection, and IT governance frameworks would be beneficial such as ITIL, COBIT, ISO, NIS and NIST.

- Analytical and Problem-Solving Skills: You need to be an analytical thinker who can assess complex situations, identify root causes, and propose effective solutions. Strong problem-solving skills are necessary to analyse IT risks in a proactive and systematic manner.

- Communication and Collaboration: Effective communication skills are vital; you will be interacting with stakeholders at all levels of the organisation. You must be able to articulate complex IT risks and their impacts in a clear and concise manner. Collaboration skills are also important for working with cross-functional teams, such as IT, legal, compliance, security and senior leadership.

- Adaptability and Continuous Learning: The IT landscape is constantly evolving, and new risks and technologies emerge regularly. A Risk Analyst should be adaptable to change and willing to continuously update their knowledge and skills. Staying informed about emerging threats, industry best practices, and regulatory changes is essential to effectively analyse and manage IT risks.

We offer an excellent package with 34 days annual leave entitlement. Enhanced maternity/paternity leave, discounted healthcare, salary sacrifice car leasing and much more, view our full benefits package on our careers site.