IT Assurance Analyst

Job Description

The Audit and Risk Recruitment Company*has been mandated by our client, a global insurance giant, in their search for a Technology Assurance Analyst (focusing on customer delivery) to join a growing function.Salary range 50 - 60K with substantial benefits.This is a hybrid working role (1-2 days per week in the office) and can be based in Leeds, Manchester or StainesReporting into a Senior Manager, you will be responsible for assessing IT risk and overseeing information security on behalf of suppliers OR supporting commercial teams in the delivery of information security to customers.The purpose of this role is to assist in the operation of 3rd Party IT Risk functions focused on Supplier Assurance by the execution and oversight of activities including risk assessments, contract reviews, due diligence, auditing, findings and reportingto manage the risks related to these areas both within IT, Procurement, Legal, Data Privacy and the wider business, including the execution of Customer Assurance activities.What you’ll do:

• Execute and oversee the delivery of end-to-end supplier due diligence both as part of the onboarding and ongoing processes aligned to defined SLAs
• Execute and oversee the delivery of end-to-end audits both for Information Security engagements and wider Supplier Assurance audits in direct partnership with suppliers and Supplier relationship Management.
• Questionnaire assessments (from an information security perspective)
• Assessment of controls covering IT domains including Access Management, Data Protection, Change Management, Vulnerability Management, Network Security, 3rd Party Management, Logging & Monitoring, Business Continuity Management, Disaster Recovery, IncidentResponse, Physical, and Secure Development.
• Reviewing supplier contractual agreements to ensure that expectations are fully met or formally risk accepted by appropriate leadership to defined SLAs and meet required standards.
• Drafting, agreement, and formation of risk assessment papers to defined SLAs with internal stakeholders to ensure that risks are accurately assessed; clearly articulated; mitigations agreed and documented; and appropriate ownership is formally agreed.
• Track the remediation of findings and management of risks including reporting, obtaining updates, and reviewing evidence received to ensure effective and timely closure.
• Oversee the delivery of 3rd Party IT Risk function including delivery of metrics and reporting; execution of quality assurance
• Attendance at required meetings and execution of other activities as directed by senior management.

Background Requirements*

• Certified in relevant IT audit, risk and security certifications preferably with one of the following: CISA, CISM, CRISC or CISSP.
• UK experience (IT Risk / internal audit) from either top 10 practice or commercial environment
• IT Security/Assurance, Audit, Compliance and Risk knowledge, experience of IT Risk and assurance frameworks, and IT control assurance assessments (e.g. ISO 27001, PCI DSS, CIS 20, NIST, ISACA IT Risk).
• Demonstrable experience in planning, executing and supervision of controls assessments and risk-based audits.
• Demonstrable experience in review and assessment of contractual or regulatory artifacts / documentation
• Experience of IT Assurance concepts preferably with internal IT Compliance or IT Control assurance experience.
• Experience of IT/IS Risk Management concepts and terminology understanding the role controls play in risk mitigation

*Relevant UK experience is required for this position and our client is unable to offer sponsorship.