Senior Governance Risk and Compliance Analyst - Contract
The Consultancy division of FT Select is recruiting for a Consultant/Contractor, a Senior Governance, Risk and Compliance (GRC) Analyst to work with one of our financial services clients.
This will be a high-profile role responsible for supporting audit and assurance engagements. The Senior GRC Analyst will be responsible for ongoing and periodic risk and control assessment cycles, as well as maintaining a fit-for-purpose Cybersecurity Controls Library using key risk metrics, indicators and industry standards. They will also be responsible for supporting audit and assurance engagements on behalf of the cyber security function. In addition, they will support Business Information Security Officers and attend Second line of defence, GTS (First line) risk, control and framework committees and ad hoc committees established by Internal Audit.
• Support and roll out the GRC Cybersecurity controls framework while balancing the approach with end user experience and compliance to NISTFSSCC.
• Work with Controls Owners, in partnership with other Cybersecurity and Technology stakeholders, to evaluate and perform an end-to-end analysis of the controls library, identify significant gaps and weaknesses, and determine the root cause of control deficiencies.
• Develop creative and innovative solutions to manage risk, ensuring that controls and metrics are properly designed, operating effectively, and essential to a proactive risk and control culture that leverages proven evaluation strategies and sound change management protocols.
• Engage collaboratively with Control Owners, regardless of geographic location, providing support across Cybersecurity.
• Update controls and their associated metrics and be a proactive adviser across the three lines of defence, identifying Cybersecurity risk issues and recommending solutions.
• Monitor the health of the controls library with respect to technical and operational processes.
• Be a part of a team providing independent review of design and control effectiveness.
• Ensure audit management actions are appropriately captured and that owners’ accountability is transparent from planning through reporting.
• Act as the point of contact for all cyber-related Internal Audit and External (non-regulatory) audit actions undertaken.
• Support risk resilience and control assurance work, engaging and managing Second line of defence expectations.
• Work within Cybersecurity and across the First line of defence business partners to provide audit related metrics and updates on an ongoing basis.
• Understanding and working knowledge of control frameworks based on industry best practices such as NIST, COBIT, and ISO27001.
• Cyber security qualification e.g. CISSP / CISM (desirable)
• Degree in Cyber, Information Security or IT management
• IT and cybersecurity policies and standards
• Operational risk frameworks
• Regulatory compliance
• Technology resiliency
• Identity and access management
• Incident management
• Data protection
• Financial Services
• Technology & Cyber Security
• Experienced professional with 5+ years’ experience in a regulated environment with risks, controls and metrics within Technology environments.
• Proficient understanding of financial institutions and underlying business processes
• Regulatory and Audit engagement leadership
• Technological, organizational and/or operational change management