Service Risk Analyst

Purpose

The role holder will work in the one point-five line and is responsible for supporting as required the development, maintenance and application of the IT & Service internal risk and control environment through adherence to the company's strategy, policies, standards and procedures, ensuring the monitoring and adherence to both internal and external compliance. The role holder will work in partnership with the IT & Service teams as well as the 2nd line team to ensure consistency of practice across the group.

This is a role within the one point-five line of defence supporting the IT function and one where the right person can make their mark, take ownership and drive better outcomes and balance with 'keeping the lights on' in BAU.

Key Accountabilities -

• Provide support with all aspects of Operational Service risk management and the associated policies, procedures, governance and controls;
• Provide risk management advice, and support to the business, in particular IT functional leads across all IT pillars, ensuring that concepts, approaches and techniques are widely understood;
• Embed a continuous risk and control culture across the business;
• Owns relationship with specific IT & Service teams acting as the first point of contact for anything IT risk and controls related, in partnership with the third party suppliers (Infosys);
• Ownership of the governance around risk and remediation management for IT & Service functions;
• Owns the required status reporting for the IT & Service function into the Head of IT Risk, Controls and Operations for inclusion in board/exec reporting;
• Provision of data and analysis for the reporting of key risk metrics and Risk Appetite statements;
• Proactively supports Functional leads with the Periodic Risk Review process;
• Where required, support the ABS Risk and Control Manager in conducting deep-dive, thematic reviews with the IT & Service functional leads and teams to identify the root cause of any operational risk issues, identify control failings, and agree on suitable mitigation to prevent future reoccurrence;
• Ensures all issues relating to the control environment are captured and actions defined, executed and monitored effectively and on a timely basis;
• Perform data quality on all inputs to the risk management system, support with inputting data when required and hold administration rights to update some fields in support of the risk system management team in the 2nd LOD
• Work with the 1st and 2nd lines to ensure appropriate training is available in the areas of risk & compliance

Essential experience/skills required

• Previous experience working in an IT team implementing, enhancing and administering IT Risk & general controls.
• Strong working knowledge of IT Governance frameworks and best practices such as COBIT, SOC, ITIL, ISO*, CIS and NIST.
• Current IT General Control experience (ITGC) experience (minimum 3 years).
• Previous experience working in an ITGC team implementing IT general controls
• Experience in conducting risk analyses and managing risk & control assessments across IT infrastructure and Service Delivery
• Excellent communication skills
• The experience to work at ALL management levels
• Operational risk knowledge with proven experience in evaluating, measuring, mitigating and reporting risks
• Experience in conducting risk analyses and managing a risk & control register
• CRISC is desirable but not essential

Key Accountabilities:

There are 3 core components to this role:

Support reporting across MS ABS IT and to all partners and Legal Entities, supporting all assurance and quality control activities and providing ongoing monitoring of the IT ABS RCSA.

Risk/Control Governance

Support the ongoing monitoring and support of the IT RCSA:

• Support the ongoing reviews of the IT RCSA (and upload/monitoring into the GRC tool)
• Ensure all IT Risk Events are monitored and tracked to completion
• Identification of emerging risks within the IT portfolio
• Escalate any known issues to IT Risk, Control & Governance Manager

Assurance and Quality Control activity and Oversight:

• Support the required activity to support control effectiveness attestations and reporting
• Support of the control attestation process within ABS IT
• Support and oversight of the remediation actions with an active role in ensuring actions are tracked and closed
• Support and deliver assurance as per the plan within ABS IT
• Monitor, update and review all ABS Risks / Controls within GRC as appropriate

Reporting & other:

• Support the Legal Entities as and when required for all IT risk activities and reporting
• Support the creation of all ABS IT risk reports as required
• Support all internal audits across ABS IT
• Support all external audits across ABS IT
• Support all Risk activity as required across ABS IT

Stakeholder Management:

• The individual will be expected to build and manage relationships across the risk team within IT ABS, Infrastructure, Service Delivery and the relevant stakeholders within the entities