The ideal candidate will have a strong background in controls testing within financial services and excellent analytical and problem-solving skills.
Key responsibilities:
- Execute controls testing procedures in accordance with the established methodology and testing plans, ensuring the accuracy and completeness of testing activities.
- Document testing workpapers clearly and concisely, providing sufficient evidence to support findings and conclusions, including recommendations for remediation and management action.
- Identify and escalate potential control deficiencies and areas for improvement, providing supporting documentation and analysis.
- Analyse testing results and identify trends and patterns that may indicate control weaknesses or areas of heightened risk.
- Collaborate with various departments within GCIO for control walkthroughs, sampling, evidence collection, etc.
- Maintain up-to-date knowledge of industry standards and best practices related to controls testing.
- Support the creation of GCIO Controls Assurance management information (MI).
- Participate in audits and assessments, providing support and insights as needed.
- Actively participate in team meetings and discussions, contributing ideas and insights to enhance the effectiveness and efficiency of controls assurance activities.
- Support Controls Assurance Lead to continuously identify and implement improvements within the assurance framework.
Skills & Experience Required
- 5-8 years' experience in Information Security controls testing.
- Strong understanding of Information Security, for example, data protection, vulnerability assessment, penetration testing, security events and monitoring, data loss prevention, endpoint detection and response, network security, etc.
- Knowledge of industry standards like NIST and ITIL
- Excellent analytical and problem-solving skills
- Knowledge of regulatory requirements and industry best practices related to controls assurance, relevant to GCIO risks, such as Information Technology (IT), Information Security (IS), and/or Data Management
- Exceptional communication skills, both verbal and written, with the ability to influence and engage stakeholders at all levels.
- Experience operating in a regulated environment and managing stakeholders across the Three Lines of Defense.
- Strong organization skills and attention to detail.
- Familiarity with cyber security, resilience and related domains preferred.
- Prior experience with ServiceNow Integrated Risk Management (SNOW - IRM) preferred.
Qualifications
- Bachelor's degree in Information Technology (IT), Computer Science, or a related field.
- Relevant certification (e.g., CISA, CISSP), ISO 27001 Lead Auditor preferred