We are seeking a highly skilled IT Risk & Controls Analyst to join my client's team in London on a hybrid basis (3 days a week on site). This permanent role, offering a salary of £70,000, is an excellent opportunity for a motivated professional to contribute to robust IT risk management practices within the insurance sector.
The successful candidate will be responsible for identifying, assessing, and mitigating IT risks, supporting regulatory compliance, and enhancing internal controls. You will conduct risk assessments, support audit processes, and work closely with various departments to promote effective IT governance and controls across the organisation.
Key Responsibilities
- Perform regular IT risk assessments and control evaluations to ensure the organisation meets regulatory, operational, and security standards.
- Assist in the development and implementation of IT risk management strategies and policies.
- Support internal and external IT audits, including evidence collection, gap analysis, and remediation planning.
- Collaborate with stakeholders to evaluate existing processes and recommend enhancements in line with best practice frameworks.
- Provide reports, insights, and recommendations to senior leadership on risk exposures and control effectiveness.
Essential Skills and Experience
- Extensive experience in IT risk assessment, control evaluation, or IT audit within a professional or regulated environment.
- Strong analytical and problem-solving capabilities, with the capacity to evaluate complex scenarios and detect potential vulnerabilities.
- Effective communication abilities, enabling clear reporting and collaboration across multi-functional teams.
- Proficiency in prioritising tasks and managing competing demands both independently and within team settings.
Desirable Skills and Experience
- Academic qualification in Information Technology, Computer Science, or a relevant discipline.
- Prior exposure to the insurance industry or other highly regulated sectors.
- Familiarity with recognised frameworks such as NIST, ISO 27002, SOC Type 1, and IT General Controls (ITGC).
- Understanding of both IT infrastructure and application layer technologies.
- Holding relevant professional certifications in IT risk, audit, or security.
- Knowledge of FAIR (Factor Analysis of Information Risk) methodology is advantageous.
This is a fantastic opportunity for a detail-oriented individual with an aptitude for IT risk and control assurance to make a significant impact in a dynamic and regulated environment.
No sponsorship is provided.