Risk and Control Consultant

Sorry, this advert is now closed.

Role overview:

We are currently looking for a Risk and Control Consultant for a contract role providing Technology Risk and Control expertise in various Cyber Security projects for one of our large financial services clients.


Start Date: ASAP
Term: 6 months
Location: Hybrid with London Office (3 days per week on-site required).
 

Key deliverables:

  • Provide expertise and deliverables in Risk and Controls.
  • Perform assurance/validation of project/programme outcomes to agreed timelines and provide updates and reports on findings and progress made. 
  • Regular updates and reports on progress made in the Programme, to be signed off by the CRO or VP Cyber Security Risk.
  • Support the creation and review of controls ensuring alignment to internal policies and external frameworks e.g. CRI, ISO, NIST, ISAE. 
  • Controls fully aligned to policies and frameworks created and reviewed, and signed off by the CRO or VP Cyber Security Risk.
  • Ongoing review of control effectiveness. 
  • Support the definition of a Control Library. 
  • Control Library defined and created. 
  • Review the control library, produce a gap analysis identifying implementation gaps and remediation approach. 
  • Independent assurance of control effectiveness. 
  • Leading, facilitating and providing assurance of the RCSA process, method, and outputs. 
  • Regular reviews of RCSA process and outputs. 
  • Support the definition of a risk assessment methodology for projects. 
  • Project Risk Assessment methodology to be defined.
  • Enhancement of ISAE 3000 internal Control Framework through alignment with Control Library. 
  • Preparing relevant submissions into risk governance committees. 
  • Producing procedure documents for risk management and governance. 
  • Ongoing expertise, information and documentation to be provided to relevant groups and committees in Risk Management and Governance. 
  • Create a Cyber Security Risk Framework aligned to the Enterprise Risk Management Framework and Group Framework. 
  • Cyber Security Risk Framework created and signed off by CRO or VP Cyber Security Risk. 
  • Support the definition and embedding of risk appetite and culture across the organisation.
  • Ongoing help and support on the definition and embedding of risk appetite and culture.

 

Key skills required:

  • The ability to fulfil the above deliverables.
  • Extensive experience working as a Risk & Controls Consultant or in a similar capacity.
  • Experience working on Cyber Security initiatives.
  • Technical background.
  • A strong understanding of Controls Testing and Gap Analysis.
  • IT Audit Experience.
  • Assurance Experience.
  • Excellent knowledge of relevant external frameworks e.g. CRI, ISO, NIST, ISAE.
  • Strong written and verbal communication skills.
  • Strong stakeholder management skills.
  • Strong organisation and time management skills.
  • Leadership experience preferred.
  • Recent Financial Services experience essential.

 

Please note this requirement does not support overseas working and will be Inside IR35.


Contract
9 September 2024
SME
Risk