IT Audit & Risk Officer
- Recruiter: Land Securities Properties Ltd
- Location: London, United Kingdom
- Salary: Competitive salary
- Posted: 29 Nov 2021
- Closes: 29 Dec 2021
- Ref: R0002284
- Job role: Audit, Compliance/risk
- Sector: IT/Telecoms
We're Landsec
Sustainable places. Connecting communities. Realising potential. We live by these principles to create great experiences for people, now and in the future.
We create places that make a lasting positive contribution to our communities and our planet. We bring people together, forming connections with each other and the spaces we create. And we provide our customers, partners and people with a platform to realise their full potential.
The primary duties of this role include:
- Providing risk management and reporting skills in a technical and non-technical capacity to provide visibility to stakeholders and help protect the digital assets of the company.
- Measuring and improving compliance to company risk standards and policies.
- Performing activity to ensure adherence to audit and risk controls.
- Contributing to audit discovery work and audit actions.
Principal accountabilities
- Communicates information security risks and issues to business managers and others. Performs basic risk assessments for small information systems. Contributes to vulnerability assessments. Applies and maintains specific security controls as required by organisational policy and local risk assessments. Investigates suspected attacks. Responds to security breaches in line with security policy and records the incidents and action taken.
- Investigates and reports on hazards and potential risk events within a specific function or business area.
- Interprets information assurance and security policies and applies these in order to manage risks. Provides advice and guidance to ensure adoption of and adherence to information assurance architectures, strategies, policies, standards and guidelines. Uses testing to support information assurance. Contributes to the development of policies, standards and guidelines.
- Maintains a knowledge management database by leveraging knowledge of a specialism in order to capture and classify content, taking expert advice when required.
- Applies tools, techniques and processes to create and maintain an accurate asset register. Produces reports and analysis to support asset management activities and aid decision making.
- Conducts formal audits or reviews to ensure compliance with organisational standards for activities, processes, data, products or services. For projects, development or support activities; plans, organises and conducts audits and determines whether appropriate quality control has been applied. Collates, collects and examines records, analyses the evidence and drafts all or part of formal compliance reports. Determines the risks associated with findings and non-compliance and proposes corrective actions.
- Plans formal reviews of activities, processes, products or services. Evaluates and independently appraises the internal control of processes, based on investigative evidence and assessments undertaken by self or team. Ensures that independent appraisals follow agreed procedure and advises others on the review process. Provides advice to management on ways of improving the effectiveness and efficiency of their control mechanisms. Identifies and evaluates associated risks and how they can be reduced.
- Provides advice and guidance in the use of organisational standards. Performs quality assurance reviews of suppliers and throughout the supply chain.
- Supports projects, functions or teams in the development of project and/or operational methods for measurement. Specifies base and derived measures which support agreed information needs. Identifies and prioritises appropriate measures, scales, and targets. Specifies how to collect and store the data for each required measure. Provides guidance on collection of data including automation. Designs reports and reporting formats.
- Performs simple security administration tasks. Maintains relevant records and documentation.
Key competencies
- Works under general direction. Uses discretion in identifying and responding to complex issues and assignments. Receives specific direction, accepts guidance and has work reviewed at agreed milestones. Determines when issues should be escalated to a higher level.
- Influences customers, suppliers and partners at account level. May have some responsibility for the work of others and for the allocation of resources. Participates in external activities related to own specialism. Makes decisions which influence the success of projects and team objectives. Collaborates regularly with team members, users and customers. Engages to ensure that user needs are being met throughout.
- Work includes a broad range of complex technical or professional activities, in a variety of contexts. Investigates, defines and resolves complex issues.
- Has a sound generic, domain and specialist knowledge necessary to perform effectively in the organisation typically gained from recognised bodies of knowledge and organisational information. Demonstrates effective application of knowledge. Has an appreciation of the wider business context. Takes action to develop own knowledge.
- Communicates fluently, orally and in writing, and can present complex information to both technical and non-technical audiences.
- Plans, schedules and monitors work to meet time and quality targets.
- Facilitates collaboration between stakeholders who share common objectives.
- Selects appropriately from applicable standards, methods, tools and applications.
- Fully understands the importance of security to own work and the operation of the organisation. Seeks specialist security knowledge or advice when required to support own work or work of immediate colleagues.
Knowledge, experience, and qualifications
Essential
- Common Microsoft platforms and productivity technologies
- Cyber and risk management and reporting frameworks