Senior Risk Manager

Overview

• Managing the annual PCI and SOC audits as well as customer assurance requests • Performing internal reviews to identify any controls gaps and managing remediation • Demonstrating the team’s core values; Focus, Collaboration, Awareness and Delivery

Responsibilities

Gathering and reviewing audit evidence.  [Employer hidden — view at passion-project.co.uk] undergoes SOC and PCI audits and has an established programme of gathering evidence from various teams at regular intervals, reviewing, providing feedback and remediating any issues in a timely manner.  The role entails day to day management of this process. Customer assurance.  [Employer hidden] receives questionnaires and assessment requests from customers as part of their vendor risk management programmes.  [Employer hidden] completes these questionnaires using the Shared Assessments Standard Information Gathering (SiG) questionnaires.  The role entails maintaining the SiG questionnaires and delivering on customer requests in an effective and efficient manner.  Process and controls reviews for improvement.  Agreed and established processes and controls require frequent compliance reviews which may identify opportunities for further improvement or efficiencies.  The role entails conducting such reviews, identifying improvements and ensuring these are adequately implemented.  Audit preparation and management.  This involves gathering, sorting and saving evidence on the portal for external assessor’s review and coordinating the various assessment activities at multiple locations.  The role entails managing this process from start to successful completion in a timely manner.  Demonstrating the team’s core values; Focus, Collaboration, Awareness and Delivery.  Effective delivery requires focus and collaborating with various teams to gather evidence, avoiding duplication of effort, sound understanding of IT risks and controls as well as technical knowledge of IT systems, operating systems and applications Delivery against the agreed deadlines and continually learning about [Employer hidden]’ environments Maintaining confidentiality as the team may be privy to sensitive company and customer information

Qualifications

Team player who can work in a collaborative environment Effective communication and interpersonal skills Strong analytical, report writing and presentation skills Keen learner and committed to presenting high quality deliverables within agreed timescales IT risks and controls Technical knowledge of IT systems; operating systems and applications IT auditing PCI DSS and SOC requirements At least 10 years’ experience in managing IT audits including PCI and SOC reporting Degree in IT or equivalent CISA or CISM qualified

If you are passionate about technology, love personal growth and opportunity, come see what [Employer hidden] is all about!

[Employer hidden] is an equal opportunity employer. [Employer hidden] evaluates qualified applicants without regard to race, color, religion, gender, national origin, age, sexual orientation, gender identity or expression, protected veteran status, disability/handicap status or any other legally protected characteristic.