Risk Analyst - London, United Kingdom - Synapri

    Job Description

    Synapri are currently seeking an interim Risk Analyst on a full-time, hybrid working basis for a digital finance organisation based in London.

    The Risk department manages non-financial risk, project management of internal and external assurance programmes, third-party risk management and business continuity planning, among other responsibilities.

    It is a flexible function with a very broad remit across the business that values adaptability and the ability of individuals to operate in ambiguous situations.

    You will support the Risk team with the Risk Programme, Third Party Risk Management and Cyber Assurance teams and your key responsibilities will include:

    • Undertaking regular reviews of the Risk Management standards in line with best practices and industry standards.
    • Embedding requirements into key business processes.
    • Advising on the design and implementation of key security controls.
    • Delivering related communications, training, and awareness.
    • Partnering with teams across technology and the business to ensure compliance requirements are understood.
    • Coordinating engagements with internal and external auditors. Supporting third-party assessments including due diligence activity, compliance questionnaires, vendor assurance, and RFPs.
    • Developing and maintaining the ISMS. Maintaining processes and documentation to support compliance in a manner that can be evidenced in relation to industry and regulatory drivers such as ISO27001 and SOC2, and driving appropriate improvements.
    • Conducting assurance testing on control effectiveness and providing recommendations.
    • Monitoring and reporting on compliance gaps.

    Essential Experience

    • Experience in Operational / Non-financial Risk, preferably in the financial services or technology space.
    • Knowledge of security, industry, and regulatory compliance frameworks and drivers such as NIST, ISO, SOC2, GDPR.
    • The ability to identify, analyse and propose risk-mitigating actions for risks in cloud-native environments.
    • Exposure to policy and procedure creation, technical assurance testing, security training and awareness, and third-party management.
    • Familiarity with third-party risk management and associated frameworks/best practices.