IT Governance, Risk and Compliance (GRC) Lead

p strong IT Governance, Risk and Compliance (GRC) Lead /strong /p br You can get further details about the nature of this opening, and what is expected from applicants, by reading the below. br p strong 1) Background /strong /p p This new role forms a key part of the Technology Risk Management function, supporting the Head of Technology Risk. The role holder will form a crucial component in the establishment of an enhanced risk management framework and beyond that identify and assess potential risks across Technology, as well as ensuring a comprehensive approach to risk mitigation. /p p strong 2) Purpose of Job /strong /p ul li Risk Framework Embedding: Drive the development of and compliance with Technology policies, standards and procedures, to promote best practices across the organization. /li li Risk Management: Identify, assess, and mitigate Technology risks and embed the control framework to safeguard the organization's Technology assets. /li li Compliance Oversight: Ensure adherence to relevant laws, regulations, and standards, maintaining up-to-date knowledge of industry compliance requirements. /li li Stakeholder Collaboration: Collaborate with cross-functional teams and executive leadership to drive Technology risk governance and support business goals. /li /ul p strong 3) Accountabilities & Responsibilities /strong /p ul li Technology Policy & Standard Framework : Develop, maintain and embed Technology Policies, Standards and Procedures whilst also implementing the IT function’s objectives. /li li Technology Risk Taxonomy & Register: Identify the Technology risks faced by the organization that give rise to potential disruptions, failures, or adverse impacts on business processes arising from the use, adoption or reliance on technology including hardware, software, networks and information systems. /li li Programmes & Emerging Risk : Provide oversight and input into risk assessments to help identify potential risks and devise mitigation strategies, prior to technological changes. Help to ensure alignment of technological changes with the organization's risk tolerance and strategic objectives. /li li Technology Risk Training: Embed a culture of risk awareness and ensure that relevant parties are aware of their roles and responsibilities concerning risk. /li li Risk Engagement - Business : Conduct regular engagement meetings with key Business stakeholders to ensure key areas of risk (e.g. shadow technology, team-specific instances of technology, etc) are identified and to embed ownership of risks and controls where relevant. /li li Risk Engagement - Technology : Conduct regular meetings with key stakeholders within the IT Department to ensure awareness of key areas of risk (such as: Top 10’risks, Policies, Standards, etc) and to embed ownership of risks and controls where relevant. /li li Risk Register Monitoring : Maintain and update a register of Technology-related risk events, incidents, audit findings, exceptions, etc. Work with responsible areas to assess these, develop action plans, identify owners and track through to completion. /li li Committee & Board Reporting: Produce the required Board and Committee-level Technology metrics for inclusion in the respective reporting decks as required. /li li Technology & Intragroup Reporting: Produce a suite of metrics for inclusion in the various Technology meetings/ forums/ reports as required. /li li Regulatory Reporting : Work with the Regulatory Reporting team to ensure the required information for Regulatory submissions is accurate, relevant and provided in a timely manner. /li li Client DD Reporting : Provide input to determine the risk MI required from clients to help ensure the risk position is fully understood. /li li Third Party Risk Management (TPRM) Reporting: Develop specific metrics relating to the risk exposure of 3rd party technology providers in its suite of metrics to ensure the risk position is understood. /li /ul p strong 4) Knowledge, Skills, Experience & Qualifications /strong /p p The post holder will be expected to demonstrate: /p ol li Attention to Detail: Meticulous attention to detail is crucial for accurately managing open audit points, helping to document audit actions, and accurately track and report on the status of management actions. /li li Organisational Skills: Strong organisational skills are necessary to effectively coordinate audit schedules, manage documentation, and prioritise tasks across the IT Department. /li li Time Management: Excellent time management skills are essential for managing multiple audit engagements, meeting deadlines, and ensuring the smooth progression of audit activities. /li li Communication Skills: Clear and concise communication skills are vital for effectively liaising with internal and external stakeholders, conveying audit-related information, and facilitating collaboration across the IT Department. /li li Analytical Skills: Basic analytical skills are beneficial for analysing audit data, identifying trends, and generating insights to support audit reporting and decision-making processes within the Technology domain. /li li Adaptability: Ability to adapt to changing priorities, audit requirements, and work effectively in a dynamic and fast-paced environment. /li li Confidentiality: Demonstrated ability to handle sensitive information with discretion and maintain confidentiality in accordance with organisational policies. /li li Proficiency in Office Software: Proficiency in Microsoft Office Suite (Word, Excel, PowerPoint, Outlook) and other relevant software applications for document management, data entry, and reporting. /li li Technology Knowledge: Work towards a detailed understanding of Technology and cyber risk frameworks (e.g. NIST / ISO27001 / COBIT / ITIL). /li /ol