Your contact

Simon Long


T +44 (0)1622 675 126
D +44 (0)1622 620 713
M +44 (0)7730 591 492

Permanent: IT Risk Analyst

Ref: CIL / 27372

Location: High Wycombe

Salary: up to £40k + bonus & pens

Duration: Full Time

Start Date: ASAP

Last updated: 24 November 2015

The IT Planning & Governance department currently have a vacancy for a Risk Analyst. A brief description of the job role is outlined below: 

Position Objectives:   

  • Responsible for identifying and mitigating risks in accordance with Enterprise IT Risk and Compliance frameworks.
  • Manage the SII (Self-Identified Issues) processes that have IT involvement and ensure completion to agreed timescales.
  • Assist with the Risk and Control Self Assessment (RCSA) process coordinated by Operational Risk.
  • Complete project-based Risk Assessments on a timely basis.
  • Guide management in ensuring that internal controls and practices are functioning and consistent with company policies and standards.  
  • Assist with the design and implementation of appropriate standards and effective controls and drive consistency across business and IT.
  • Ensure proper processes are in place on new projects/systems/significant changes to address proper risks and controls at implementation.
  • Execute lower-level risk assessments to identify project/vendor-level risks and develop mitigation strategies.
  • Track and facilitate closure of all open control matters, including audit, assessment, and exam issues. Communicate status of risk and compliance related initiatives to IT Leadership.
  • Cascade monthly updates to IO IT Leadership Team on open audit issues and SII.
  • Educate, train and coach IT personnel on all aspects of risk management.  

Vendor Reviews:

  • Review completed reports from vendors (align testing with North America (NA)).
  • Manage vendor reviews that have a dual responsibility across the group.
  • Ensure complete coverage of all vendors through the legislative process.
  • Support assessments conducted by independent risk and compliance organizations, primarily through collection of control evidence and creation of remediation action plans.
  • Develop calendar to ensure all vendors participate in relevant reviews.
  • Develop relationship with IT Procurement and share recognised best practices.


  • Assist the business, Internal and External Audit to determine bi-annual SOX scope for IT systems.
  • Coordinate with Internal and External Audit scope for SOX critical applications and Non-SOX applications.
  • Monitor IT SOX objectives and update strategy and processes.
  • Develop and implement common SOX controls Framework globally.
  • Coordinate with Internal and External Audit on all IT SOX related activities, including bi-annual testing, and provide evidence as requested.
  • Coordinate remediation activities across all business units and functional areas during testing period.
  • Assist with collation of evidence for certification and liaise with Internal Audit for verification of controls.
  • Monitor and analyze assessment status, metrics and schedules and report out on themes and trends. 

Qualifications & Experience:

  • Proven IT Risk and Controls experience
  • Audit, Compliance, Risk experience: 3+ years or equivalent.
  • Audit and/or Compliance background preferred.
  • Archer experience preferred
  • Knowledge of Security requirements preferred.
  • Certification in Risk and Information Systems Controls would be a plus. 

Skills & Knowledge:

  • Working knowledge of Risks and Controls in an IT environment.
  • Understands company goals and practices and applies them when solving problems. 
  • Uses judgment, creativity and sound knowledge to obtain and recommend solutions.
  • Interfaces with senior management to obtain & convey information.
  • Operational experience with metrics tracking & reporting tools.

Church International Limited (CIL) acts as an employment business for temporary positions and an employment agency for permanent positions. CIL is a committed equal opportunities employer. If you do not hear from us within 7 days then unfortunately your application has been unsuccessful on this occasion, however we may retain your details on our database for future opportunities. Candidates' CVs will not be forwarded onto third parties without their consent.

Applicants must be eligible to live and work in the specified location.
