Controls Assurance and Risk Analyst

AMP Capital is a specialist investment manager with offices in Australia, New Zealand, Japan, China, Hong Kong, India, London, Chicago, New York, California, Ireland and the Middle East. We are a leading global real estate and infrastructure manager and the combination of our scale, breadth and capability provides access to superior investment opportunities for our clients.

The AMPC Technology & Innovation vision is to be recognised as a high performing technology function, one that is built on a foundation of secure, automated, and real-time data driven technologies, enabled by a team that is seen as innovative, agile, commercial, that is continuously learning and that has an excellent risk mindset.

Due to increasing workload we are now seeking to appoint a Controls Assurance and Risk Analyst to the team. This role is reporting to and supporting the Tech Risk and Cyber Manager in managing the oversight of technology and cyber security risk across AMP Capital. This includes evaluating the strength of the first line controls and determining the holistic level of technology/cyber threats.

This role will also take responsibility for facilitating the appetite statements relating to AMPC Technology and Cyber risks, risk workshops, IT Risk reporting to management, conducting risk control self-assessment (RCSA) and performing controls assurance of IT critical risks (i.e. testing design and operating effectiveness of IT controls).

The successful candidate will;

• Contribute to development and implementation of Technology and Cyber Security Control Assurance Framework which supports the AMP Capital business model and compliance with applicable regulations.
• Develop and contribute to Controls Assurance Plan. Identify critical risks and key controls to be tested
• Conduct Controls Assurance (design and operating effectiveness) and critical controls in AMPC Technology
• Liaison with assurance providers, including AMP Group wide Internal Audit, external auditors, regulator and 2nd Line Risk, including proactive management of assurance engagement and runway, oversight of audit observations and remediation actions with agreed reporting to internal and external stakeholders.
• Ensure that AMPC Technology meets requirements of regulator / audit / governance committee
• Assist in providing internal and external audit requirements.
• Ensure that audit issues/actions are managed, addressed and closed appropriately
• Identify opportunities for security controls optimisation in line with emerging threats internally and externally. Support identification of appropriate, fit for purpose and cost-effective control solutions, and adopting new security technologies to support effective and efficient management of risk and controls.
• Role model and drive pro-active risk culture and risk management in Technology
• Work collaboratively with Technology Functional Heads, Business Unit Leadership teams and ERM to ensure AMP Capital has an effective Technology Risk Management Framework.
• Delivering outstanding 1st line (Tech Risk and Cyber) support across AMPC Technology. Assist in the management of the Issues Management (including audit activity), in line with ERM standards.

Experience

• Strong experience in technology and cyber risk management (minimum of 5 yrs. experience in technology operational risk management for financial institutions or any large organisation)
• Demonstrated competencies with Technology Risk activities within the Three Lines of Defence model
• Sound knowledge of regulatory requirements for operational risk (e.g. Basel II, GS007, AS3402) and experience working with common technology industry standards such as COBIT 5, COSO, ITIL, NIST, ISO31000, ISO27001, etc.)
• Strong knowledge of Financial Services, investment management company or similar organisations
• Ability to analyse trends, identify critical threats and opportunities, diagnose problems and issues and recommend appropriate actions
• Ability to exercise initiative and prudence in following through on risks, issues and remediation actions
• Sets challenging goals and standards of excellence beyond current
• Strong relationship building, reasoning ability and negotiation/influencing skills
• Advanced oral and written communication skills, including the ability to influence across a range of stakeholder groups
• Extremely comfortable in working with business, technical people, from senior management to line staff
• Experience in a consulting role (strategy, process re-design) or an audit role.IT Audit experience would be beneficial, as would CISA, CRISC, CISM or other IT Risk related certifications
• Degree qualified in a relevant subject with additional qualifications and certifications necessary

Advertised: 14 Apr 2021 9:00 AM AUS Eastern Standard Time
Applications close: 01 May 2021 5:00 PM AUS Eastern Standard Time