Role overview:
We are currently looking for a Risk and Control Consultant for a contract role providing Technology Risk and Control expertise in various Cyber Security projects for one of our large financial services clients.
Start Date: ASAP
Term: 6 months
Location: Hybrid with London Office (3 days per week on-site required).
Key deliverables:
- Provide expertise and deliverables in Risk and Controls.
- Perform assurance/validation of project/programme outcomes to agreed timelines and provide updates and reports on findings and progress made.
- Regular updates and reports on progress made in the Programme, to be signed off by CRO or VP Cyber Security Risk.
- Support the creation and review of controls ensuring alignment to internal policies and external frameworks e.g. CRI, ISO, NIST, ISAE.
- Controls fully aligned to policies and frameworks created and reviewed. Signed off by CRO or VP Cyber Security Risk.
- Ongoing review of control effectiveness.
- Support the definition of a Control Library.
- Control Library defined and created.
- Review the Control Library and produce a gap analysis identifying implementation gaps and a remediation approach.
- Independent assurance of control effectiveness.
- Leading, facilitating and providing assurance of the RCSA process, method, and outputs.
- Regular reviews of RCSA process and outputs.
- Support the definition of a risk assessment methodology for projects.
- Project Risk Assessment methodology to be defined.
- Enhancement of ISAE 3000 internal Control Framework through alignment with Control Library.
- Preparing relevant submissions into risk governance committees.
- Producing procedure documents for risk management and governance.
- Ongoing expertise, information and documentation to be provided to relevant groups and committees in Risk Management and Governance.
- Create a Cyber Security Risk Framework aligned to the Enterprise Risk Management Framework and Group Framework.
- Cyber Security Risk Framework created and signed off by CRO or VP Cyber Security Risk.
- Support the definition and embedding of risk appetite and culture across the organisation.
- Ongoing help and support on the definition and embedding of risk appetite and culture.
Key skills required:
- The ability to fulfil the above deliverables.
- Extensive experience working as a Risk & Controls Consultant or in a similar capacity.
- Experience working on Cyber Security initiatives.
- Technical background.
- A strong understanding of Controls Testing and Gap Analysis.
- IT Audit Experience.
- Assurance Experience.
- Excellent knowledge of relevant external frameworks e.g. CRI, ISO, NIST, ISAE.
- Strong written and verbal communication skills.
- Strong stakeholder management skills.
- Strong organisation and time management skills.
- Leadership experience preferred.
- Recent Financial Services experience essential.
Please note this requirement does not support overseas working and will be Inside IR35.