IT Risk and Controls Analyst
At this company, they empower their customers to make a difference in their lives. And the same goes for their employees.
They have offices in Belfast, Galway and Dublin, where they've embraced hybrid working and empower their people to work flexibly to suit their needs and those of their customers.
Their diverse customer base benefits from the diverse perspectives of the teams that serve them, solving complex problems with creative ideas.
They're part of something bigger with a presence in North America, the UK, and Europe. Their business has grown organically and through acquisitions to over $20 billion of total annual premiums.
They want you to succeed with them and grow - and they'll give you the tools, flexibility and learning opportunities you need to do it.
And if you bring your best, they promise to give you their best.
Culture and Community
This organization is a purpose-driven business - their purpose is to 'help people, businesses, and society prosper in good times, and be resilient in bad times'.
They do that by living their values - Integrity, Respect, Customer-driven, Excellence, and Generosity - in everything that they do.
They provide an open and honest workplace - where everybody contributes, and every view is listened to and respected.
Generosity is in their DNA and is the value that guides and enables their people to help others, protect the environment and make their communities more resilient. It drives their efforts to care for people and to give their time, financial resources and talent. They are also committed to helping society adapt to a changing climate, taking reasonable care to ensure that their business activities are conducted in an environmentally sustainable manner.
Their stats don't lie. In their annual engagement survey:
91% of their people celebrate the diversity in their teams and wider company
90% of their people feel safe to share they've made a mistake
89% of their people strive to recognise colleagues for the amazing work they do
89% of their people know how their job supports the company's strategy
IT Risk and Controls Analyst
The role of the IT Risk and Controls Analyst is an important role within the IT Risk and Compliance and wider Integrated Technology Solutions (ITS) teams. The role will involve providing knowledge, guidance, and support in IT Risk, Control and Compliance to support management in carrying out their IT risk management responsibilities. The role will also involve supporting management in maintaining compliance with IT policies, procedures, standards, guidelines, and reporting requirements.
In addition, this role will help to support and co-ordinate validation and assurance activities across Line 1, Line 2, Line 3, external, and regulatory IT audit activity, resulting actions and remediation plans. This role will support the oversight and co-ordination of activities to ensure compliance with Canadian regulatory requirements, and also the Line 1 IT Control validation testing activities performed by a key strategic partner.
This role will also provide support to IT risk management and reporting activities, including quarterly IT risk reporting to meet reporting requirements and the provision of management information (MI) as required to satisfy ad hoc IT risk reporting requests. IT Risk Governance also forms part of the team's activities, and this role will support the co-ordination of IT risk related governance/meetings (both internal and third party) and the production of meeting packs and minutes as required.
The IT Risk and Controls Analyst role will work closely with the different teams across Integrated Technology Solutions (including Service Delivery, IT Architecture, Resilience and Security, Technology Enablement and Transformation and Data and Analytics teams), and key business and assurance stakeholders across IRE & UK region to enhance the IT control environment. The role will also involve working with key third party stakeholders from an IT risk and control perspective to support the management of IT risks and issues and further enhance IT risk and control activities.
- Working collaboratively with the different teams across Integrated Technology Solutions (including Service Delivery, IT Architecture, Resilience and Security, Technology Enablement and Transformation and Data and Analytics teams), and key business and assurance stakeholders across IRE & UK region to enhance the IT control environment.
- Working with key third party stakeholders from an IT risk and control perspective to support the management of IT risks and issues and further enhance IT risk and control activities.
- Co-ordinating IT risk reporting activities as required to support the Senior IT Risk and Compliance Specialist in the delivery of quarterly IT risk reporting submissions and to provide management information (MI) as required to satisfy ad hoc IT risk reporting requests.
- Supporting IT Risk Governance activities by co-ordinating IT risk related governance/meetings (both internal and third party) and the production of meeting packs and minutes as required, and assisting with risk identification, assessment, triage, evaluation and management.
- Maintenance of a centralised IT Risk Register, audit and Remediation Plan Agreed (RPA) and Risk Acceptance (RA) action tracker.
- Supporting management in maintaining compliance with IT policies, procedures, standards, guidelines, and reporting requirements and in documenting and tracking any non-compliance to policy through the established remediation plan agreed (RPA) process.
- Co-ordinating validation and assurance activities, including where relevant evidence submission, across Line 1, Line 2, Line 3, external, and regulatory IT audit activity, resulting actions and remediation plans in support of the Senior IT Risk and Compliance Specialist.
- Working closely with the Financial Control team in support of the Senior IT Risk and Compliance Specialist in relation to Canadian SOX testing to co-ordinate supporting activities such as IT control self-assessments, operational effectiveness testing and year end attestations and reporting to ensure annual compliance.
- Supporting the Senior IT Risk and Compliance Specialist in the development of an annual IT Control Validation plan, agreeing this with the Head of IT Risk and Compliance and supporting the communication of this plan to impacted stakeholders (i.e., control owners / control operators) as part of the annual IT Control Validation planning process for the forthcoming year.
- Co-ordinating and supporting IT control validation activities and walkthroughs with their key strategic partner and control owners to understand the control end-to-end and select appropriate sampling based on the IT Control Validation Guidance for design adequacy and operational effectiveness testing of control(s). Supporting their strategic partner to co-ordinate agreement with management where any control design and/or operational effectiveness weaknesses have been identified and assist in the identification of appropriate remediation activities.
- Supporting the oversight to ensure that IT control validation testing is planned and executed by their strategic partner in compliance with the UKI IT Control Validation Guidance considering a risk-based approach and adopting requirements of the overall guidance outlined.
- Supporting the oversight and QA review of IT Control Validation testing workpapers documented by their strategic partner on a sample basis to ensure appropriate documentation of test execution and outcomes including consideration of robust evidence to support testing within agreed templates and to satisfy design adequacy and operational effectiveness testing requirements in line with the UKI IT Control Validation Guidance.
- Co-ordinating the agreement and reporting of any identified IT control validation weaknesses to facilitate their strategic partner reporting of the IT control validation testing activities executed.
- Reporting periodically on the status of IT remediation activities and progress to relevant stakeholders and/or committees and impacted control owners/control operators to include escalation of any overdue remediation actions so they can be managed effectively to closure.
- Acting as delegate to the Senior IT Risk and Compliance Specialist as required.
- Demonstrating the values of Integrity, Respect, Customer-Driven, Generosity and Excellence in carrying out all responsibilities within this role.
- General knowledge of IT Risk Management, IT Governance principles, Information Security risks and controls, IT processes and infrastructure and/or IT external audit or IT internal audit experience of 2-3 years is preferable
- Experience in Stakeholder Management across IT Risk Management, Audit, Assurance activities
- Knowledge of IT General Controls (Change Management, Logical Access, and IT Operations [backup and recovery, problem and incident management and job scheduling])
- General knowledge of IT Controls testing would be an advantage
- Experience working with 3rd party outsourced providers
- CISA, CRISC, CISM, CISSP or similar certification is desirable
- Eagerness to increase IT risk management and control environment knowledge
- Problem Solving mindset and Can-Do Attitude
- Based in Ireland - Hybrid