Job Details

Business Analyst - Risk Governance/ CISSP

London, Glasgow City, United Kingdom, Contract

Posted: 6 hours ago


Business Analyst - Risk Governance
Location: United Kingdom: Glasgow
12 months

Department Profile
Technology works as a strategic partner with business units and the world's leading technology companies to redefine how we do business in ever more global, complex, and dynamic financial markets. The sizeable investment in technology results in quantitative trading systems, cutting-edge modelling and simulation software, comprehensive risk and security systems, and robust client-relationship capabilities, plus the worldwide infrastructure that forms the backbone of these systems and tools. Our insights, our applications and infrastructure give a competitive edge to clients' businesses and to our own.

Technology & Operations Risk organization enables the Firm to manage its technology related risks through implementing proactive, comprehensive and consistent risk management practices across the Firm to protect the franchise while capturing business opportunities.

The TOR team partners with the business by ensuring that the Technology division understands how to manage escalate and monitor risk.

Primary Responsibilities

  • The role's responsibilities include:
    Lead a program of transformational change that will integrate the Technology risk assurance processes from 4 different acquisitions into understanding, interpret current state across all acquisitions of Technology Risk assurance processes and architect an interim and target operating model
  • Perform in-depth analysis of controls landscape across all acquired companies
  • Communicate important information and insights to business and IT stakeholders on both and its acquired business equivalents.
  • In-depth business analysis and mapping of controls, making recommendations to adapt existing business strategies-Participation in Transformation Squads working within the AGILE framework.


  • Working knowledge of key Technology concepts e.g. data classification, protection, policies, governance, privacy, security assessment tools-Understanding of key concepts related to risk assessment and control
  • Engages in process-based thinking to effectively obtain, analyse and interpret information, identify root causes of problems, and draw the appropriate conclusions
  • Working knowledge of technology applications and can identify and validate risk and controls-Understanding of the relevant local technology risk regulations and the associated application to a financial services business

Desired Skills and Competencies

  • Excellent written and verbal communication skills
  • Good organizational skills; a high degree of attention to detail and ability to manage multiple priorities
  • Business/Product Knowledge: Familiarity and experience with electronic trading platforms is a strong plus, but is not required

Education, Background & Experience Required

A minimum of 5 years of relevant risk experience from roles in any of the following:
-Audit (internal or external)
-Risk Officer / Information Security Officer
-Technology Risk Governance
-Risk Assessment (e.g., RCSA)
-Control Testing (e.g., SOX)
-Information Security / IT Security (e.g., Entitlements Management, Segregation of Duties, Threat Management, Penetration Testing, Strategy)
-Regulatory (e.g., working as a financial services regulator or having experience dealing with regulators)
-Technology / Information Security Policy / Procedures-Process/Risk/Control Frameworks, e.g., COBIT Qualifications

Desired Certifications:
Attainment of the following certifications is a strong plus, but not required:
-Certified Information Systems Auditor (CISA)
-Certified in Governance for Enterprise IT (CGEIT)
-Certified Internal Auditor-Certified Information Security Manager (CISM)
-Certified Information Systems Security Professional (CISSP)
-Certified in Risk and Information Systems Control (CRISC)-ISO 27001 AuditorMorgan

Job Details

London, Glasgow City, United Kingdom