Senior Analyst - Technology Risk Assurance

• Represent the business unit in the development of policies and standards.
• Develop and maintain policies and procedures aligned with the Information Security Framework.

• Support ongoing risk and control consulting activities in line with internal standards and regulatory requirements.
• Collaborate with stakeholders to evaluate control environments and recommend improvements.
• Coordinate assessments, control testing, and remediation efforts with internal teams and third parties.

• Build and manage security exceptions to support business and technology needs.
• Track and report on exception statuses to ensure visibility and accountability.

• Evaluate supplier security through SOC reports, SSAE documentation, and site reviews.
• Maintain vendor risk records and support continuous improvement of assessment processes.
• Coordinate vendor risk assessments in collaboration with relevant teams.

• Define project scope, goals, deliverables, and timelines.
• Provide security consulting throughout the project lifecycle.
• Monitor project progress and report to stakeholders.
• Develop and maintain the Secure Design Consulting framework and apply it to qualifying projects.

• Bachelor's degree in Computer Science, MIS, or a related field.
• Experience in information security, risk management, or audit (or equivalent education/training).
• Strong understanding of security frameworks and regulations (e.g., ISO, NIST, COBIT).
• Familiarity with the financial services industry is desirable.
• Relevant certifications such as CISSP, CISM, CISA, CRISC, CTPRP, CEH, or PMP.
• Experience with project management methodologies (Prince2 preferred).

• Excellent communication and interpersonal skills.
• Strong organisational and analytical abilities.
• Self-starter with a collaborative mindset.
• Professional, customer-focused, and eager to learn.
• Willingness to travel as required.

Charles Stanley