IT Risk & Control Officer
6 Month Contract

32 HOURS

Remote - UK & EU
Freelance Contract - can most likely use a limited company

The IT Risk & Compliance Officer is responsible for partnering with risk owners throughout the Tech business function and other business units to design and maintain internal controls in line with our risk appetite and to maintain the quality of our processes.
The role requires to work closely with stakeholders from multiple departments and to have a strong big picture focus, but be able to zoom in and out of the details to ensure full process understanding.

Responsibilities and skills required for the IT Risk Officer role are tightly linked to the Capability Area they work for, in Risk Management (focus on risk identification, analysis and treatment), Risk Governance & Project Management (focus on policy governance), or Third Party Risk Management & Customer Trust (focus on 3rd party risk). The IT Risk & Compliance Officer role requires solid stakeholder management skills, and to be comfortable with challenging risk owners to come up with robust, scalable solutions which mitigate key risks while enabling successful business operations.

Key Responsibilities
Tasks and responsibilities will vary depending on the Capability Area: Risk Management

• Support risk owners to design controls that mitigate any relevant risks all the way through to implementation and monitoring.
• Provide advice on control design that is both sustainable and right sized (ie a simple solution for a simple problem, no overengineering).
• Coordinate new requests from the business functions and units for support with controls.
• Participate in sprint planning sessions from development teams to support risk identification, assessment and treatment during the development life cycle.
• Assist in the development and leading of regular training/awareness programs to train and educate risk owners on internal controls topics.
• Stay flexible to meet the dynamic business needs, while maintaining robust solutions that strengthen the control environment.

Risk Governance & Project Management

• Support the IT policy life cycle management including the design, implementation and adoption of policies, standards and guidelines in the areas of cybersecurity, privacy and regulatory compliance.
• Build knowledge of internal controls, systems and process landscape to enable clear understanding of impact from IT policies and standards.
• Manage exceptions to IT policies and standards.

Third Party Risk and Customer Trust

• Conduct third-party due diligence.
• Perform privacy and information security risk assessments at third parties.
• Identify opportunities to position data privacy and security not just as a risk management issue, but as a potential source of competitive advantage improving brand-building and corporate reputation.

Requirements of special knowledge/skills Work experience in business analysis, auditing, corporate governance, risk management or internal controls.

• Ability to develop solid relationships with business partners in order to drive the adoption of the risk management culture.
• Thorough technical understanding of internal control requirements and design and experience in applying them in various businesses.
• Able to split large tasks into logical, manageable and decoupled actions which are managed effectively and delivered on time.
• Be flexible and agile in response to the change in business, change in stakeholder

This candidate will need experience with SOX.