Job Summary
We are seeking a highly skilled and detail-oriented Internal ICT Risk Analyst to join our team. The successful candidate will be responsible for identifying, assessing, and mitigating technology risks within the organisation. As our organisation is maturing in its approach to effective Risk and Control Management, this role will play a crucial part in supporting the development and implementation of robust risk management practices. The organisation does not yet have Governance, Risk, and Compliance (GRC) tooling in place, so the analyst will need to work closely with various departments to ensure that technology controls are effectively designed and implemented to safeguard the organisation's assets and data.
Key Responsibilities:
- Assist in the identification and assessment of technology risks and issues.
- Conduct control testing to evaluate the design and operating effectiveness of technology controls and document test results in accordance with established methodologies.
- Monitor the progress of remediation efforts and track the implementation of corrective actions.
- Work collaboratively with all stakeholders, including the second and third lines of defence, to ensure operational efficiency and resilience in internal assurance activities.
- Prepare summary risk and control reports, and communicate findings to management and key stakeholders.
- Develop and enhance dashboards for monitoring Key Risk Indicators (KRIs), Key Performance Indicators (KPIs), and control effectiveness.
- Collaborate with IT and other departments to ensure compliance with regulatory requirements and internal policies.
- Stay updated with the latest industry trends and best practices in technology risk management.
- Promote a strong risk culture in the organisation through training and awareness of effective technology controls.
- Track and manage effective remediation for key audit findings.
- Ensure that all control activities comply with relevant regulatory requirements and industry standards.
- Identify opportunities for continuous improvement in risk management and control processes.
- Maintain comprehensive documentation of risk assessments, control testing, and remediation efforts.
- Facilitate regular communication with stakeholders to keep them informed about risk and control activities and any emerging issues.
- Support the integration of new technologies and systems into the existing risk management framework.
Our requirements
Relevant experience:
- Professional Experience: Ideally, the candidate should have at least 2-3 years of experience in technology risk management or a related field. This experience should include conducting risk assessments, developing and implementing risk mitigation strategies, and monitoring the effectiveness of technology controls.
- Industry Knowledge: The candidate should have a strong understanding of regulatory requirements and industry standards related to technology risk management. Experience in working with frameworks such as NIST, ISO 27001, or COBIT would be beneficial.
- Technical Skills: Proficiency in using risk management tools and software, as well as a good understanding of IT systems and infrastructure, is preferred. The candidate should also have experience in collaborating with IT and other departments to ensure compliance with regulatory requirements and internal policies.
- Certifications: Professional certifications such as CRISC (Certified in Risk and Information Systems Control) or CISA (Certified Information Systems Auditor) are preferred but not essential.
Education & Experience
- A bachelor’s degree in Information Technology, Computer Science, or a related field is preferred but not essential.
- Strong understanding of technology controls, including IT General Controls (ITGCs).
- Familiarity with relevant frameworks and standards such as COBIT, ISO 27001 and SOX.
Personal skills
- Proven experience in technology risk management or a related field.
- Strong analytical and problem-solving skills.
- Excellent communication and interpersonal skills.
- Ability to work independently and as part of a team.
- Knowledge of regulatory requirements and industry standards related to technology risk management.
ABOUT US
Chaucer is a leading insurance group at Lloyd’s, the world’s specialist insurance market. We help protect industries around the world from the risks they face. Our customers include major airlines, energy companies, shipping groups, global manufacturers and property groups.
Our headquarters are in London, and we have international offices in Bermuda, Copenhagen, Dubai and Singapore to be closer to our clients across the world. To learn more about us please visit our website.
Chaucer is committed to diversity, actively values difference and respects people regardless of the protected characteristics which are outlined in the Equality Act 2010 (UK legislation) as a result of the Equal Treatment Directive 2006 (EU legislation).
A diverse workforce and an inclusive workplace are core to our success as a business and integral to our winning strategy and culture. We recruit from the widest available pool of talent, and our hiring, assessment and selection process is fair, free from bias and one which ensures we select the right person for the job, based on merit. We are committed to promoting a culture that actively values difference, and recognises that everyone has the right to be treated with dignity and respect throughout their employment.
We are open to considering flexible working arrangements for all roles and encourage you to outline your needs during the interview process.