Technology Risk and Controls Manager

London (Central), London (Greater)
Up to £75,000 + Bonus + Benefits
28 Aug 2021
27 Sep 2021
Employer Sector
Contract Type
Full Time
0-25% Travel

The Audit Risk Recruitment Company (ARRC)* has been exclusively mandated to assist our client, a reputable insurance business, in their search for an IT Risk and Controls Manager.

Reporting directly to the CISO, this is a second-line risk role, assessing system risk around areas such as settlement and adjustment claims, mutual funds, IT product supplier risk and investment management. You will also work closely with the internal audit function to cover technology-related audits, so internal audit experience is also of benefit for this position.

This is an exciting opportunity for an IT Risk / Audit professional to join a collaborative and forward-thinking business with opportunities to progress within technology development and securities.

Role Responsibilities

  • Support the development and maintenance of a risk and controls culture across the business, including continuous communication with controls operators and owners across the IT function
  • Champion Risk Management across the business units, supporting the identification and assessment of IT Risks
  • Manage the IT Controls framework, including planning, documentation, testing of IT Controls, and any follow-ups to ensure mitigation of any failures and weaknesses.
  • Review, evaluate, and document internal controls, including the adequacy of documentation and design effectiveness assessment through review of documents and meeting Control Owners
  • Monitor compliance with the ISO27001 framework globally and lead the global ISO27001 certification process, including management of surveillance audits
  • Undertake routine discussions with key stakeholders on IT control testing outcomes and action plans and ensure risk remediation/control improvement objectives are addressed by the actions
  • Perform the testing of Design, Implementation and Operational Effectiveness of Internal Controls, including those managed by third party suppliers
  • Work with colleagues to plan and execute audits to a high quality to provide audit assurance and insights over the highest technology risk and support the delivery of objective, concise and insightful audit reports on the effectiveness of the framework of controls for each audit

Required experience

  • A background in IT Service Management, particularly in the running of IT Service Operations within second or third lines of defence
  • Demonstrable experience in Information Technology audits or IT Assurance (e.g. CISSP, CISM, CISA, CRISC)
  • Strong interpersonal, communication and influencing skills with the confidence and ability to operate effectively at all levels including third parties and external customers
  • Experience of managing ITIL Service Operations (Service Desk, Change, Incident, Problem etc) and introducing improvements to those operations
  • Ensure controls are aligned to GDPR (Information security, process reviews & systems)
  • Experience of MI / Data Analytics / Reporting; experience of the ServiceNow toolset is an advantage
  • Commercial experience of negotiating and managing contracts
  • Experience of managing strategic relationships with a long-term perspective
  • Experience of supplier risk assessments, and ideally of performing onsite supplier control tests
  • A sound understanding of British and International Security Standards (e.g. ISO/IEC 27001, ISO/IEC 27002, NIST, CIS-20, PCI DSS) and the UK regulatory environment (e.g. ICO, FCA, PRA and CQC)

*The Audit Risk Recruitment Company - Experts in Audit and Risk 
