Senior IT Assurance Analyst

Asta
Charing Cross, United Kingdom
15 days ago

Role details

Contract type: Permanent contract
Employment type: Full-time (> 32 hours)
Working hours: Regular working hours
Languages: English
Experience level: Senior

Job location

Charing Cross, United Kingdom

Tech stack

Microsoft Windows
Artificial Intelligence
Cloud Computing Security
Computer Security
Databases
Identity and Access Management
Software Vulnerability Management
IT General Controls (ITGC)
Information Technology

Job description

The Senior IT Assurance Analyst plays a key role in strengthening Asta's cyber resilience by identifying and assessing risks across internal and client IT environments. The role evaluates and enhances security controls, supports regulatory and standards-based compliance (including ISO 27001, NIST, SOC2 and Lloyd's requirements), and provides expert cyber consultancy on emerging technology risks. The position supports and conducts IT audits, manages supplier assurance, and ensures timely remediation of findings. Operating as part of the Second Line of Defence, the analyst provides independent oversight and challenge to IT risk management, contributing to Asta's Cyber Assurance Framework and overall security strategy.

  • Risk Identification and Assessment: Identify and assess risks in Asta and client IT systems and supply chain, including security gaps, weak controls, and operational risks. This involves conducting thorough risk assessments through IT attestations and developing strategies to mitigate identified risks.
  • Control Evaluation: Oversee cyber security governance controls in line with Asta's Cyber Assurance Framework by conducting audits, control testing, and evidence reviews, recommending improvements to ensure Asta and client's policies and standards are effectively implemented.
  • Regulatory Compliance: Assist with compliance activities such as policy and process assessments and improvements, Lloyd's Principle 12, ISO27001, NIST and SOC2 re-certifications and audits. This involves staying up to date with regulatory changes and implementing necessary adjustments to maintain compliance.
  • Cyber Consultancy: Offer cyber consultancy services to support client initiatives, ensuring compliance and risk appetite requirements are met. Conduct thematic reviews and deep-dive assessments on emerging technology risks (e.g., cyber resilience, AI, cloud security, identity and access management).
  • Audit Support: Support or conduct IT audits, testing, and reporting on controls. Track and validate remediation of IT risk issues and audit findings, ensuring timely and effective closure.
  • Supplier Assurance: Manage supplier assurance processes to ensure third-party vendors comply with security and regulatory requirements. This includes conducting vendor assessments, monitoring vendor performance, and addressing any compliance issues.
  • Second Line of Defence: Provide independent oversight and challenge of IT risk management and control practices across the organisation. Challenge risk assessments, control self-assessments, and key risk indicators (KRIs) produced by the 1st line. Contribute to incident management processes. Collaborate with Risk and internal audit teams by acting as a subject matter expert on IT risk and control frameworks.

Requirements

Do you have experience in Windows?

  • Attention to detail to identify control gaps or compliance issues
  • Experience of cybersecurity frameworks/standards: ISO 27001, NIST, CIS, SOC
  • Understanding of IT General Controls (e.g., access management, zero trust, vulnerability management).
  • General IT background: networking, development, databases, security, Windows operating systems
  • Collaboration skills to work with IT, security, compliance, internal audit and risk teams
  • Experience in regulated industry
  • Project management and ability to manage multiple assurance reviews.
  • High integrity and independence mindset to provide independent challenge and constructive oversight to 1st line teams.
  • Strong analytical skills to identify weaknesses and translate technical risk into business impact.
  • Ability to influence without direct authority and challenge effectively

Benefits & conditions

At Asta, you'll enjoy a market-leading benefits package that puts your wellbeing, career development and financial future first. We combine flexible working, strong family-friendly policies and exceptional rewards to create a supportive, inclusive and high-performing workplace. Our benefits include:

Work-life balance you can rely on

  • 35-hour working week with hybrid and flexible working
  • Generous holiday allowance that increases with service

Your health & wellbeing covered

  • Private medical insurance with virtual GP access
  • Annual health screening, dental cover and eye care
  • Subsidised gym or sports club membership

Support for you and your family

  • Enhanced maternity, paternity, adoption and shared parental pay

Rewarding your contribution

  • Highly competitive pension with up to 13% employer contribution
  • Life assurance and income protection
  • Discretionary annual bonus scheme
  • Interest-free season ticket loan and salary sacrifice schemes

About the company

We are a specialist professional services and technology firm, working in partnership with leading insurance, highly regulated and global businesses. We help our clients to manage risk, operate their core business processes, transform and grow. We deliver professional services and technology solutions across the risk and insurance value chain, including excellence in claims, underwriting, distribution, regulation & risk, customer experience, human capital, digital transformation & change management. Our global team of more than 8,000 professionals operate across ten countries, including the UK & the U.S. Over the past ten years Davies has grown its annual revenues more than 20-fold, investing heavily in research & development, innovation & automation, colleague development, and client service. Today the group serves more than 1,500 insurance, financial services, public sector, and other highly regulated clients.
