IT Controls Testing Lead

My client, a Trading platform based in London, are looking for an IT Controls Testing Lead to join their growing team. For this role you will have to be in their offices 3 times per week.

Overview:

My client is a leading trading platform that is ambitiously expanding to the four corners of the globe. Their top-rated products have won prestigious industry awards for their cutting-edge technology and seamless client experience. They deliver only the best, so they are always in search of the best people to join our ever-growing talented team.

Responsibilities:

• Design and maintain a robust technology control testing framework aligned with risk management standards (e.g., NIST, ISO 27001, COBIT, ITIL).
• Develop and update testing methodologies, ensuring they address key risks related to IT infrastructure, cybersecurity, cloud services, and software development.
• Establish and maintain control testing policies and procedures that align with regulatory and internal governance requirements.
• Ensure the control testing framework integrates seamlessly with the broader Operational Risk Management Framework (ORMF).
• Maintain a comprehensive control library, mapping controls to risks and business objectives.
• Plan and execute detailed control testing activities across IT operations, systems, and processes, including:
• Cybersecurity controls (e.g., firewalls, encryption, access management).
• Cloud computing controls (e.g., AWS, Azure, Google Cloud).
• Data protection controls (e.g., GDPR compliance, data backups).
• Incident management processes and disaster recovery testing.
• Test both the design and operating effectiveness of IT controls.
• Prioritise control testing activities based on risk assessments, focusing on high-risk areas such as payment systems, customer data protection, and regulatory reporting.
• Document and communicate control deficiencies to relevant stakeholders.
• Work with technology teams to develop, track, and implement remediation plans to address identified control gaps.
• Perform follow-up testing to validate the resolution of issues and confirm effectiveness.
• Assess IT controls of third-party vendors and service providers, ensuring compliance with contractual and regulatory obligations.
• Support vendor risk management activities by evaluating third-party cybersecurity and IT governance controls.
• Document findings and control weaknesses, ensuring they are communicated clearly to relevant stakeholders.
• Work with control owners and process teams to develop and track remediation plans for identified deficiencies, ensuring timely resolution.
• Conduct follow-up testing to validate the implementation and effectiveness of corrective actions.
• Collaborate with risk teams to ensure control testing aligns with the organisation’s risk assessment and regulatory requirements.
• Present findings and recommendations to senior leadership, providing actionable insights to improve the control environment.
• Support regulatory audits and examinations by providing control testing documentation and responding to inquiries.
• Ensure the organisation is prepared for external reviews of its control environment.

Requirements:

• 5-7 years of experience in technology risk management, IT audit, or control testing within a regulated FinTech or financial services environment.
• Strong background in assessing IT and cybersecurity controls, including experience with cloud environments, DevSecOps practices, and digital payment platforms.
• Proven ability to perform tests of controls (design and operating effectiveness).
• Strong understanding of operational processes, risk frameworks, and regulatory requirements.
• Proficiency in using governance, risk, and compliance (GRC) tools and control testing platforms.
• Familiarity with IT control frameworks such as NIST Cybersecurity Framework, ISO 27001, and COBIT.
• Proficiency with GRC platforms and testing tools (e.g., RSA Archer, ServiceNow, or LogicGate).
• Advanced knowledge of data analysis tools (e.g., Excel, SQL) and reporting tools (e.g., Tableau, Power BI).
• Strong understanding of cloud security, data protection technologies, and cybersecurity protocols.
• Experience in managing regulatory audits.
• Ability to work collaboratively with regional and global partners in other functional units; ability to navigate a complex organisation; to influence and lead people across cultures at a senior level.
• Excellent problem-solving skills, inquisitive nature and comfort challenging current practices.
• Proven track record of taking ideas forward without supervision and challenging others, where appropriate.
• Adapt at developing relationships with senior business executives with a reputation for partnering across organisation lines to mitigate risks.
• Highly disciplined, able to work with limited supervision and make independent decisions.
• Strong organisational, project management, and multi-tasking skills with demonstrated ability to manage expectations and deliver results.
• High level of professionalism, self-motivation, and sense of urgency.
• Bachelor’s degree in Computer Science, Information Technology, Risk Management, or a related field.
• Advanced degree (e.g., MS in Cybersecurity, MBA) is a plus.

If the above is of interest please apply to this role or call me on 0207 509 8040 to find out more.

Robert Walters Operations Limited is an employment business and employment agency and welcomes applications from all candidates.

About the job

Contract Type: Permanent

Focus: Information Security

Workplace Type: Hybrid

Experience Level: Director

Location: London

Salary: £110,000 - £130,000 per annum

Job Reference: 1GW30T-C4818753

Date posted: 25 February 2025

Consultant: Darius Goodarzi