IT Risk & Controls Manager


VN-9403

Permanent

1 Coleman Street, London, EC2R 5AA

Competitive + Benefits + Bonus

26 August 2018

The IT Risk & Controls Manager is responsible for ensuring effective risk & security controls are implemented within the organisation. The role holder is responsible for identifying security threats and risk within IT and highlighting any issues or concerns to senior management within IT and the organisation's Risk function.

  • There is a requirement to work closely with internal and external audit teams, support technology on the response to findings and ensure actions are progressed.  This will include attendance where possible at audit scoping workshops and exit meetings.
  • Manage review findings, analysis and follow up to ensure that the department maintains a controlled environment.  Update project closure report actions to ensure appropriate and prompt completion.
  • Develop a framework of ‘self audit’ in relation to the IT environment against required standards and monitor compliance and performance accordingly.
  • Monitor the company Risk Management System (RMS) returns to ensure that all managers and staff follow the process as required.  Outstanding items from audit and compliance to be investigated and results forwarded to senior IT management.  Follow up action to be taken promptly.  Co-ordinating Control Environment Action Log (CEAL) reports and submission to IT management and Risk  and / or Compliance teams as required.
  • Production and management of the Information Technology Risk Matrix (ITRM).  Coordination of any key tasks and deliverables arising from the risk matrix and liaison with the technology risk owner.
  • Production of regular reporting metrics and risk / issues heat map management.  In conjunction with senior IT management, provide input to the organisation's operational risk framework to ensure full transparency of risks and issues through IT and into the business environment.
  • Work with the relevant IT management to ensure that any risks relating to production stability and operational robustness are highlighted and where appropriate produce supporting business cases for avoidance / investment.
  • Produce appropriate Management Information (MI) for the benefit of the Technology Operations Management Team

Within IT

  • Owns and maintains the Risk & Control Environment process and standards.
  • Manages elements of and delivers infrastructure and development related risk, audit and control reports.
  • Reports monthly and when required to Head of Technology Operations and IT Security Manager in relation to impact of control and risk items.
  • Provide a quarterly briefing on the activities and achievements of the IT control structure.
  • Influences and advises Senior Managers and Heads within IT and the business on the IT control framework and strategy.
  • Manage Internal and External audit findings, analysis and follow up, ensuring audit recommendations are delivered in the agreed time frames.
  • Attendance at audit workshops and exit meetings (includes business exits).
  • Project closure report (PCR) actions and recommendations.
  • Risk Management System monitoring of control completion and periodic update (reflecting new controls risks/vulnerabilities and changes).
  • Manage IT Risk acceptance records including authorisation, renewal and closure prior to expiration.
  • Control Evaluation Action Log (CEAL) review and guidance on completion.
  • LGIM risk matrix completion and update with Risk Manager.
  • Update and reconciliation of current RMS with  Control Objectives for Information Technology (COBIT) control objectives (processes)
  • Using COBIT as a base framework report on the robustness of the IT Technology Operations function.
  • Provide technology wide learning sessions in relation to risk management and best practice compliance
  • Production of reports detailing system and application access across LGIM business and user population.
  • Produce risk, control security policies, standards and processes across IT
  • Provide risk, control & security risk assessments
  • Administration of risk governance meetings.
  • Strong Academic background
  • CISA (Strong preference)
  • Pro-active in terms of supporting the wider IT Team.
  • Good analytical skills, enquiring mind, with a tenacious approach.
  • Commercial and strategic approach to management of risk and controls
  • Accurate with attention to detail.
  • Strong organisation skills and able to work to deadlines.
  • Good communication skills, both written and verbal.
  • Confident and able to present in structured manner.
  • Common sense approach.
  • Good team player.
  • Knowledge of: ISO27001, PCI DSS

Desirable: CoBIT 5, CISM, CISSP, ITIL

Whatever your role, we reward ability, performance and attitude with a package that looks after all the things that are important to you. Our employees have a wide range of benefits including a generous pension scheme, life assurance, 25 days' holiday, private medical insurance, performance related bonuses, a variety of share schemes, and discounts at both a huge range of high street stores and our own great products. Your hard work will be rewarded when you join us.

About L&G

Legal & General Investment Management is one of Europe’s largest asset managers and a major global investor, with total assets of GBP 957 / EUR 1,090 / CHF 1,191 billion*. We work with a wide range of global clients, including pension schemes, sovereign wealth funds, fund distributors and retail investors

Throughout the past 40 years we have built our business through understanding what matters most to our clients and transforming this insight into valuable, accessible investment products and solutions. We provide investment expertise across the full spectrum of asset classes including fixed income, equities, commercial property and cash. Our capabilities range from index-tracking and active strategies to liquidity management and liability-based risk management solutions.

*as at 30 June 2017, including derivative positions and advisory assets. These figures include assets managed by LGIMA, an SEC Registered Investment Advisor.

About the business area

LGIM manages fixed income, equity, multi-asset, liability-driven investment, property and alternative solutions on behalf of its clients. Located across the globe, our clients include institutional pension funds, financial institutions, local authorities and sovereign wealth funds. In order to meet the complex and evolving investment needs of our clients, we focus on remaining at the forefront of investment product innovation and maintaining our reputation as experts across all asset classes.

We are an equal opportunities employer and welcome applications from all suitably qualified persons regardless of their race, sex, disability, religion/belief, sexual orientation or age.
