Compliance Control Advisory, Sr. It Analyst

About us

Job Purpose

Key Accountabilities

• Engage with value stream leads, product owners and technical product owners to understand the product development details, validate risks, and collaborate on control design in alignment with regulatory processes, procedures, and frameworks
• Prepare and present comprehensive, clear, concise reports, maintaining objectivity and impartiality
• Ensure automated controls are validated through E2E or UAT testing environments and support Business readiness teams to incorporate manual controls into training documents.
• Continuously evaluate the effectiveness of controls and identify opportunities for improvement
• Execute risk-based testing of automated and IT General Control as assigned, including coordinating with 1st line control owners, second- and third-line teams and Corporate Audit to align with NE Assurance combined assurance initiative. Work with 1st line control owners and performers when control remediation is required. Work closely with 1st line control owners to ensure all deficiencies are addressed in a timely manner
• Work collaboratively with the project teams as well as the broader Gas and Electric Business’s to identify impacts to compliance obligations and key business risks related to the development of new business applications/systems
• Work with IT application owners to provide advisory and consultative services on the design and implementation of controls to support National Grids internal control framework
• Manage relationships with second- and third-line stakeholders, including developing and maintaining effective communication channels and providing timely and accurate information

Key Skills

• Strong technical risk management, governance, and audit skills
• Strong problem solving, and analytical skill capabilities preferred.
• Quickly grasp complex issues and effectively integrate, compile, and analyze complex information and data
• Effectively communicate risks, issues, and related recommendations in both technical and non-technical terms to Operational and IT management
• Knowledge of Agile methodology is a plus.
• Ability to establish rapport with a wide range of stakeholders and develop and maintain network of contacts.
• Understanding of Cyber Security concepts
• Technical understanding of data analysis concepts practices, and emerging technologies

Qualifications

• Strong technical risk management, governance and/or audit skills, understand risk assessment techniques, and 1st, 2nd, and 3rd lines of defense frameworks.
• Experience in leveraging technology (e.g., RPA, CCMs (continuous controls monitoring) to improve overall control environment will be highly desirable
• Ability to conduct independent risk assessments of information systems and IT infrastructure
• Proactive self-starter with ability to manage own workload, and produce high quality work product
• Exposure to GRC tools preferred
• Experience of a regulated utility environment will be plus
• Bachelor's degree in business administration, Accounting, Information Technology, or relevant field. Professional certification or equivalent in relevant area (e.g., Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA) or working towards qualification
• Pragmatic attitude and can adapt quickly to a changing environment
• 3+ years’ experience in IT Audit or SOX
• Technical knowledge of IT NG systems a plus
• Extensive knowledge of IT General Controls, SOX compliance and software development practices

More Information