Job Application

IT Risk and Governance Manager - IT Audit - PCI - SWIFT - BCP

Contract: Permanent, full time, 35 hours per week

Location: Kings Hill-based (Kent) with hybrid working (Average of 2 days per week in the Kings Hill office)

Would you like to join a dynamic team and make a significant impact on the key areas of IT risk and governance as we progress our cloud adoption journey?

We're looking for a talented IT Risk and Governance Manager to join our IT Team.

What you'll do

As our IT Risk and Governance Manager you too will play an integral part in what we do.

As our IT Risk and Governance Manager you will:

- Report to CISO on all matters related to IT risks and governance.

- Collaborate with IT managers to identify, assess, and mitigate IT risks.

- Facilitate IT audits to ensure compliance with internal and external requirements.

- Own and manage program of IT assessments and compliance requirements.

- Collaborate with internal stakeholders to align IT risk and governance with business objectives and risk appetite.

- Improve maturity of the function, including the management of IT risk and governance policies, procedures, administration and reporting for IT and Exec stakeholders.

Who you'll be

This role is for you if you have experience of working in IT with a governance, risk or compliance role or have relevant transferable skills and are keen to make a difference to society.

We are looking for:

- Proven experience in IT risk management and governance.

- Working knowledge of IT risk management and compliance frameworks.

- Excellent communication and interpersonal skills.

- Ability to work collaboratively with internal and external stakeholders.

- Strong organizational, administration and project management skills.

IT Audit and Assessment Management:

Collaborate with relevant stakeholders to create, own and maintain a forward plan for various audit, risk and governance activities, including internal audits, external audits, IT assessments, DR and IT BCP tests and policy review schedules.

Co-ordinate and facilitate the execution of IT audits and assessments, including but not limited to PCI DSS, SWIFT, and Cyber Insurance.

Measure and report adherence to IT risk management policies and procedures, making recommendations for improvements where necessary, to ensure compliance with relevant industry standards, regulations, and best practices.

IT Risk Management:

Own and maintain the IT risk register, risk acceptances, risk assessments and associated risk artifacts, ensuring they are kept updated, all identified risks have owners, are appropriately assessed, categorised with an agreed and documented treatment plan. Collaborate across IT and group Governance teams to identify, register and document emerging risks, and status of planned remediation for existing risks, for escalation and management reporting.

BCP Documentation:

Maintain and update the IT Business Continuity Plan (BCP) documents, ensuring they reflect current business processes and IT systems.

Ensure IT staff are aware and prepared for BCP through, communication, documentation and testing exercises.

IT Governance Reporting and MI:

Work closely with IT senior management to ensure all IT risk, governance and assurance reporting artifacts are up-to-date, accurate and available for IT governance and organisational executive stakeholder meetings.

IT Departmental Process Owner:

Take ownership of specific IT departmental policies and processes, such as Fire Evacuation procedures, Recruitment processes, Data Protection Impact Assessments (DPIA), Records of Processing Activities (ROPA), External Data Transfers, Disaster Recovery (DR) call tree, and IT departmental DR processes.

Manage and enhance these processes to ensure efficiency and compliance.