IT Risk and Controls Manager
The MDU
Charing Cross, United Kingdom
13 days ago
Role details
Contract type: Temporary contract
Employment type: Full-time (> 32 hours)
Working hours: Regular working hours
Languages: English
Job location: Charing Cross, United Kingdom
Tech stack
Microsoft Word
Microsoft Excel
Control Objectives for Information and Related Technology (COBIT)
Microsoft Office
Microsoft PowerPoint
Job description
The Risk and Controls Manager needs to hold a holistic view of EITS risks in the areas of Strategy, Security, Technology, Change Delivery and Operations.
As the owner, the core of the role is to define and manage the governance processes needed to manage risks, mitigating controls and any related incidents, and to work with Leadership and Management to ensure these are integrated with the wider EITS processes.
- Risk Management Framework: Develop and implement a comprehensive risk management framework that aligns with the organization's strategic goals and objectives. This will be aligned to COBIT but also take into account other frameworks in use such as NIST and ITIL.
- Stakeholder Engagement: Engage with external stakeholders, including the Head of Risk Assurance, the Risk Assurance team and our internal audit partners, to ensure effective communication and compliance with risk-related policies and processes. Ensure that any change in regulation, that impacts EITS, is assessed and actions managed to completion.
- Risk Assessment: Identify, assess, and prioritize risks across EITS Pillars, including financial, operational, regulatory, reputational and strategic risks. Ensure these are documented in the appropriate Risk Register to a high standard and regularly assessed and attested.
- Risk Mitigation: Develop and implement risk mitigation strategies, controls and action plans to minimize potential negative impacts on the organization. Ensure that any required actions are maintained on the correct EITS backlogs and planned according to the EITS Change Delivery process.
- Policy Management: Establish a baseline of IT Policies, Processes and Standards. Develop a policy management process that maintains that baseline based on both the needs of the Business and required alignment to changes to meet regulatory and compliance needs.
- Risk Reporting: Prepare and present regular risk reports to EITS Leadership and Management, highlighting key risks, trends, and mitigation strategies. Establish a reporting line to Enterprise Risk Assurance, and relevant governing bodies, and provide reports to the correct level and cadence.
- Major Incident Reporting: Own the Major Incident Reporting process. Lead the post-incident activity to ensure all Major Incidents are documented in line with Enterprise Risk guidelines, and deliver a report to the MDU Executive detailing the incident, root cause and follow-on actions. Manage a backlog of follow-on actions and track them to completion.
- Training and Awareness: Develop and deliver risk management training programs and workshops to enhance risk awareness and capability across the department.
- Collaboration: Represent IT Risk within the MDU to ensure that new risks being introduced by new Projects, or other business activity, and any changes to existing risks, or controls, are transitioned into the EITS Risk, documented correctly and managed in accordance with EITS process.
- MDU Audits: Work with Risk Assurance to establish a backlog of planned audits, scheduled in accordance with EITS delivery processes. Assist internal and external audits by co-ordinating required interviews and the provision of artifacts for the EITS department.
Requirements
- Experience in an operational risk management, compliance, or governance role within financial services or a highly regulated sector (for example, pharmaceuticals).
- Demonstrable working knowledge of common IT processes and department functions.
- Working knowledge of a recognised Risk Management Framework, such as NIST, or as part of a more general framework such as COBIT (preferred).
- Excellent communication and influencing skills, with the ability to engage stakeholders at all levels.
- Experience in building risk dashboards and analytics.
- Proficiency in Microsoft Office tools (Excel, PowerPoint, Word).
- Working towards, or having achieved, a risk qualification.