Subject Matter Expert - Cyber & Tech Controls - FTC

Willis Towers Watson,
Ipswich, Suffolk

Overview

Job Description

Summary of Role

The successful candidate will be responsible for representing Information & Cyber Security (ICS) management in the successful co-ordination of Internal and External IT audits, as assigned, which include annual SOX and/or SOC2 audits. The role holder will represent ICS in the end-to-end management of the audits, from initial planning and agreement of the TOR, through co-ordination of the audit walkthroughs, to advising on management action plans and tracking actions. This role will suit a candidate with excellent stakeholder management skills and the ability to arbitrate between Audit and IT stakeholders as necessary, bringing to bear deep specialist knowledge in compliance/controls and Cloud requirements. Based in the UK, the role will have global stakeholders and require the ability to manage them remotely. The successful candidate will be organized, with good attention to detail and the ability to work under pressure. The role holder will work closely with stakeholders to ensure that the technology controls deployed in our environment are designed and operating effectively, providing suggestions and recommendations on improvement of IT controls and processes. They will be an effective communicator (both verbally and in writing) and a supportive team player, taking a consultative rather than confrontational approach whilst maintaining integrity and independence and ensuring effective management of technology risk.

The Role

* Working with control owners and other key stakeholders to prepare for IT audits, internal and external
* Working with the internal and external audit teams to agree detailed audit schedules and walkthroughs
* Prepare for and co-ordinate IT Audits including briefing of attendees, attendance at meetings, co-ordination of scheduling and review of management responses
* Provide insight into audit findings and coach others through the development of remediation plans
* Facilitate the development and documentation of controls in response to issues raised by audit
* Provide appropriate challenge to both Internal and External auditors
* Follow up open Audit points and work with the wider IT team to resolve
* Status reporting and MI for technology management and senior stakeholders
* Effective communication to all stakeholders
* Review of control design for on-prem and Cloud controls
* Testing of control effectiveness
* Advice and guidance to control owners and project teams
* Establishing and operating processes and procedures to manage workload
* Co-ordinating and delivering assurance services
* Reporting and tracking technology control gaps as well as ineffective or inadequate technology controls
* Coordinating and tracking remediation activities being performed by technology control owners
* Taking initiatives and contributing to improvement of the Global Technology Risk and Control activities
* Identify opportunities and recommendations to improve the design and implementation of technology controls
* Support technology control owners in the design and maintenance of controls and documentation
* Undertaking such other tasks and responsibilities as assigned by management

The Requirements

* Credibility and technical understanding of recognised risk and control management practices
* Cloud Security qualifications/experience desired
* Previous experience in an IT Audit or Risk Management role
* Knowledge and understanding of IT general controls and IT concepts
* Whilst this is not a hands-on technical role, the role holder will be expected to demonstrate a strong awareness of technology and how IT is used to enable business processes.
* Professional qualification (CISA/CISM/CRISC/CCSP/CISSP) is desired
* Experience of working within a Global Financial organisation (desirable)

Equal Opportunity Employer