Cyber & IT Security Controls Manager - Edinburgh
We are seeking an experienced and highly motivated Cyber & IT Security Controls Manager to join our team. This role is critical in ensuring the effectiveness of the organisation’s cyber and IT security control environment, supporting operational resilience, regulatory compliance, and risk mitigation across the bank.
The successful candidate will have demonstrable experience in managing, assessing, and improving IT and Cyber Security controls within a regulated or complex enterprise environment.
Key Responsibilities
Develop a strong understanding of business areas, products, processes, and technology platforms in order to effectively assess and manage risk.
Collaborate with stakeholders across the bank and business units to improve overall control effectiveness through detailed documentation of control assessments, procedures, and findings.
Identify and investigate potential weaknesses and issues within internal controls, promoting continuous improvement and risk mitigation aligned to the bank’s control framework.
Prioritise control weaknesses based on their potential severity and impact on bank operations.
Produce clear and insightful reports communicating risk assessment findings, control weaknesses, and recommendations to control owners, senior management, and key stakeholders.
Execute reviews to determine the effectiveness of the bank’s internal controls framework, ensuring alignment with established and evolving policies, regulatory requirements, and industry best practice.
Support and implement adherence to the Controls Framework, applying appropriate methodologies for assessing controls against framework requirements.
Contribute to the ongoing enhancement and maturity of cyber and IT security governance and control processes.
Skills & Experience Required
Demonstrable experience in Cyber Security, IT Risk, IT Controls, or Information Security Governance roles.
Strong understanding of IT and Cyber Security control frameworks and risk management methodologies.
Experience conducting control assessments, reviews, and assurance activities.
Knowledge of regulatory expectations and industry best practices relating to cyber and technology risk.
Excellent analytical and problem-solving skills with the ability to identify control gaps and recommend practical improvements.
Strong stakeholder management and communication skills, with the ability to present findings clearly to both technical and non-technical audiences.
Experience producing high-quality documentation, reports, and risk assessments.
Ability to work collaboratively across multiple business and technology functions.
Technology Risk
Edinburgh
360