IT Risk Assurance Analyst

Social network you want to login/join with:

Howden is a collective – a group of talented and passionate people all around the world. Together, we have pushed the boundaries of insurance. We are united by a shared passion and no-limits mindset, and our strength lies in our ability to collaborate as a powerful international team comprised of 18,000 employees spanning over 100 countries.

People join Howden for many different reasons, but they stay for the same one: our culture. It’s what sets us apart, and the reason our employees have been turning down headhunters for years. Whatever your priorities – work / life balance, career progression, sustainability, volunteering – you’ll find like-minded people driving change at Howden.

Howden is looking for an IT Risk Assurance Analyst to join their central IT Governance team. The role involves supporting the implementation and maintenance of an IT internal control framework based on COBIT principles. Responsibilities include managing risk, facilitating internal and external audits, and improving current IT risk management policies and standards.

Please note this is a full-time, permanent role based in our Central London office. The role follows a hybrid work pattern and the expectation is to be onsite 3 days per week on average.

Role Responsibilities:

Control Framework

Working as part of the IT Assurance team to maintain the IT internal control framework.

Embed the IT internal control framework into the Organisation through implementation workshops covering controls and policies (i.e. Logical Access, Change Management and IT Operations).

Assist with streamlining the framework in line with Howden’s objectives.

Identify changes to the IT internal control framework that will improve efficiency and effectiveness including eliminating duplicate/redundant controls and increasing automation.

Ensure that there is continuous improvement of the IT internal control framework so that it follows a top-down risk-based approach.

Take a fresh look at the IT internal control framework to eliminate/change key controls and improve efficiency and effectiveness whilst mitigating risk appropriately.

Liaise with countries on questions arising from the IT internal control framework to drive consistency across Howden Group.

Managing the implementation of the IT internal control framework to new countries brought into scope.

Provide regular training and awareness to the community including IT Risks and Controls plus operation of the attestation platform.

Run the management self-attestation programme on a quarterly basis including: (1) Evaluate and consolidate results, (2) Monitor exceptions, (3) Review remediation plans defined by IT component owners, (4) Report the status of the self-attestation programme

Assess key applications and provide expertise for SOX.

Manage and coordinate IT requirements for DORA.

The IT Risk Assurance Analyst is expected to be a subject matter specialist on IT Risk Management. You will review annual market scoping and risk assessment to reflect changes.

Perform the Group IT Risk management review on a quarterly basis that includes: (1) Perform the likelihood and impact risk analysis (risk measurement) and assess risk categorisation with risk owners, (2) Manage the mitigation process / mitigation strategies through control identification/confirmation with risk owners, (3) Assess the Group IT control status, (4) Update the CAMMS Risk platform

Perform information security risk assessment to identify risk areas not addressed by existing process IT controls.

Help enhance existing IT risk management policies and standards.

Review the maintenance and updates to IT risk management policies.

Internal and External Audit Management

Summarised IT internal and external control observations status to the Audit Committee on a quarterly basis.

Assist Howden Group/Countries with Internal/External Audit findings (including overdue findings).

Follow up Internal/External audit IT control observations status with relevant stakeholders on a regular basis.

Coordinate IT risk management activities with Internal Audit and external auditors.

Role Requirements:

Previous experience in a similar IT role where you would have been responsible for IT internal controls and processes, preferably within the insurance sector of financial services industry.

Experience of working on large projects or programmes within IT Change.

Demonstrated knowledge of IT internal controls and familiarity with COBIT or other similar IT risk management standards.

General knowledge and work experience in Risk Management or related fields such as Audit, IT Security or Business Continuity.

Familiarity with the controls related to the EU Digital Operational Resilience Act.

What do we offer in return?

A career that you define. At Howden, we value diversity – there is no one Howden type. Instead, we’re looking for individuals who share the same values as us:

Our successes have all come from someone brave enough to try something new

We support each other in the small everyday moments and the bigger challenges

We are determined to make a positive difference at work and beyond

Reasonable adjustments

We're committed to providing reasonable accommodations at Howden to ensure that our positions align well with your needs. Besides the usual adjustments such as software, IT, and office setups, we can also accommodate other changes such as flexible hours* or hybrid working*.

If you're excited by this role but have some doubts about whether it’s the right fit for you, send us your application – if your profile fits the role’s criteria, we will be in touch to assist in helping to get you set up with any reasonable adjustments you may require.

*Not all positions can accommodate changes to working hours or locations. Reach out to your Recruitment Partner if you want to know more.