Technology Risk & Control Manager - Perm
Barclays are currently looking for someone with an IT Audit background, to join theei IT Risk & Control team in Radbroke Hall, on a permanent basis.
- To ensure that Technology Functions and sub-areas have full transparency of the risks and issues that affect each area, this allows for risk based decision making and improved focus on key areas.
- Identify compliance requirements with Group and local risk and control policies, frameworks, standards and procedures, escalating issues, concerns and non-discretionary risks through agreed channels.
- To provide advice, opinion, guidance and support to Tech Functions in respect of any risk and control issues, act as key liaison for audits either internal or external planned/underway.
- To support project-related Operational Risk and Sarbanes-Oxley Impact Assessment (ORIAs & SOx IAs) activity within Technology Functions.
- To support business-as-usual Risk and Control Assessment (RCA) activity within Technology Functions.
- To support the documentation and remediation of controls for applications/infrastructure in scope of the Sarbanes-Oxley legislation.
- To track and report on outstanding actions relating to audit findings, Security Non Compliances, UIA, Tech/IRM KRIs, Risk and Control Assessment findings.
- To provide general governance and compliance consultancy across Technology Functions.
- To ensure that activities delivered under own control are in accordance with appropriate governance, compliance and operational principles/frameworks of risk.
- To proactively make recommendations re improvement to processes and procedures relating to governance and compliance, and to support implementation of those subsequently approved.
- To provide advice, guidance and support in respect of audits planned/underway - to include planning, preparation, fieldwork, report production, action planning, monitoring, reporting, support of issues assurance.
- To support on-going business-as-usual RCA activity, including making recommendations as to: acceptance of risk/strengthening of controls, control improvements, creation of action plans.
- To provide timely advice, guidance and support to project managers regarding project risk and control management, including: liaison with internal and external teams and agencies regarding Technology Control Self-Assessment (TCSA) provision, advising and supporting TCSA preparation, and making recommendations as to acceptance of risk/strengthening of controls, control improvements, creation of action plans.
- To provide advice, guidance and support to project managers re Operational Risk Impacts and Sarbanes-Oxley control impacts relating to projects, including: identification of impacts, making recommendations for control remediation, creation of action plans and sign-off of residual risk in accordance with Risk Limits of Authority.
- To support activities relating to applications/services in scope of the Sarbanes-Oxley legislation, both existing and any additional applications/services as determined, including supporting the identification, design, documentation, remediation and testing of related controls and assigning responsibility for process and control ownership.
- To coordinate Sarbanes-Oxley attestations, providing advice, guidance and support to process/control owners, and escalating any issues in a timely manner.
Applicants should be able to demonstrate the competences listed below, but applications are welcomed from applicants who may not be able to demonstrate all those listed below, but who exhibit appropriate behaviours and aptitude:
- A Detailed knowledge of the requirements of the Sarbanes Oxley act in term of General Computing Controls.
- Knowledge of Group risk, business area risk and the Barclays Technology Governance & Assurance structure, roles and resources. This includes knowledge of the Group's approach to risk management, and the assessment and profiling techniques used.
- A good understanding of Group and Barclays Technology operational risk policies, including IT Security
- Detailed understanding of how the responsibilities of the role affect the work of others within other Barclays risk teams and the broader organisation.
- Good understanding of the group operational risk framework, in particular in relation to the completion of Risk and Control Assessments
- Broad understanding of other risk related policies, such as the Data Protection Act, Disability Discrimination Act, etc.
- Strong understanding of risk, control and change management.
- Working knowledge of Barclays Group process risk methods and tools such as ORAC and RSAM.
- Conversant with service management and delivery best practices (eg ITIL) and familiar with risk and control frameworks (eg COBIT).
- Clear articulation of IT structure and functions within Barclays and the services and product set of a Technology area
- Broad understanding of Barclays Technology strategy, design and business direction.
- Good oral and written communication skills, able to articulate and clearly communicate complex concepts
- Experience of influencing decision makers and senior management
- Strong investigative and analytical skills, able to quickly identify the core issues
- Ability to manage several activities concurrently, prioritising appropriately
- Takes initiative to keep own skills up to date and maintain awareness of developments in the IT industry.