Purpose of the job

• We are looking for a Technical Risk and Controls Lead to join our global technology team and help us manage the IT risks and controls across our diverse portfolio of products and services. You will create and manage KPI dashboards, implement, monitor and report technology risks and controls within a framework, and ensuring compliance with internal policies and external regulations.
• Reporting to the Director of Architecture you will work closely with our leadership team, business stakeholders, and external auditors to provide assurance and guidance on IT risk and control matters. This role requires risk management expertise along with excellent communication skills to educate and influence SME’s and inform and seek decisions from senior leaders.

Key Responsibilities

• Develop an automated ‘control centre’ to check our controls implementation, to monitor key performance indicators and to automatically alert of any deviation or anomaly.
• Track, report and evolve technology control KPI’s including cost management, service and security metrics.
• Support teams in ensuring all internal and external policies and standards are followed.
• Lead regular meetings with senior management and SMEs to review progress and compliance with the Collinson Risk Management Framework, including incident management, issue management and root cause analysis. 
• Co-ordinate and support the leadership team to proactively manage the remediation of Issues – including Policy deviations and risk acceptance process and obtain relevant approvals where issues meet these requirements. 
• Ensure all technology risks have remediation plans and / or support any necessary ‘Risk Acceptance’, in line with the set risk appetite. 
• Participate in major tech projects to ensure that risk management and control considerations are integrated from the outset. 
• Evaluate the impact of new technologies or changes in existing systems on the company’s risk profile. 
• Continuously monitor the tech risk landscape and update risk management practices accordingly. 
• Assist in internal and external audits, providing necessary documentation and explanations.

Knowledge, skills, and experience required

• You have a bachelor’s degree in computer science, information systems, or a related field, or equivalent work experience.
• You have at least five years of experience in IT risk and control management, preferably in a global and complex environment.
• You have a strong knowledge of IT risk and control frameworks, such as COBIT, ISO 27001, NIST, PCI-DSS.
• You have a certification in IT risk and control.
• You have excellent communication and people skills, with the ability to influence and
•  collaborate with senior stakeholders and auditors.
• You have strong analytical and critical thinking skills, with the ability to identify and mitigate IT risks and issues.
• You have an initiative-taking and flexible attitude, with the ability to adapt to changing priorities and deadlines.
• You can collaborate with senior stakeholders effectively to establish relationships and
• become a trusted advisor, providing pragmatic, proportionate advice on security risk management.
• You are initiative-taking and with a desire to continually learn.
• Experience of risk matrix management.