IT Risk & Controls Analyst (Controls Testing)

This role is critical in strengthening Shawbrooks first line technology control environment.  By delivering robust control testing and effective risk management support the IT Risk & Controls Analyst helps ensure that Technology and Cyber risks are understood managed and reported appropriately protecting the Bank supporting regulatory compliance and enabling safe and sustainable growth. 

The IT Risk & Controls Analyst supports the effective management of technology and cyber risk within the CTO function. The role is responsible for executing and documenting control testing across the different technology departments including Technology & Cyber Data Governance & Quality and Transformation (Change) ensuring risks and issues are accurately recorded and tracked and contributing to high-quality risk reporting. 

The individual will operate within the First Line of Defence working collaboratively with Technology Cyber Security Data and Change teams as well as the central Risk and Controls and Second Line Risk functions to ensure Shawbrook maintains a strong and well-evidenced control environment aligned to regulatory expectations (PRA/FCA/FRC) and internal risk management standards. 

This is a fantastic opportunity to sit at the heart of Technology in a growing specialist bank and play a visible role in strengthening how we manage risk. As IT Risk & Controls Analyst you will move beyond traditional controls testing to directly influence how Technology Cyber Data and Change departments operate safely and effectively at scale. 

Key Responsibilities  

Control Testing & Assurance 

• Plan document and execute control testing across the different technology functions including Technology & Cyber Data Governance & Quality and Transformation / Change. 
• Assess control design and operating effectiveness clearly evidencing outcomes and identifying control gaps. 
• Produce concise test reports agree remediation actions with control owners and track issues to closure. 
• Coordinate testing schedules with the central Controls function and ensure consistency of methodology and documentation. 
• Support continuous improvement of the Technology control environment identifying opportunities for automation and maturity uplift. 

Risk & Issue Management 

• Support the accurate logging maintenance and quality assurance of risks and issues within AuditBoard (GRC tool). 
• Monitor remediation activity ensuring actions are tracked evidenced and escalated where required. 
• Support audit and regulatory engagement by ensuring risk and control artefacts are complete current and defensible. 

Risk Reporting & Governance 

• Contribute to monthly Technology risk reporting including control testing results risk profile movements issue status and key themes. 
• Support preparation of materials for CTO and Risk governance forums. 
• Support RCSA cycles risk assessments for new initiatives and oversight of material change. 
• Contribute to regulatory audit and assurance interactions as required. 

Qualifications :

Essential 

• Experience in IT risk technology controls internal controls testing or IT audit (First Second Third Line or IT External Audit). 
• Strong understanding of technology and cyber risk domains (e.g. access management change management IT operations security SDLC incident management data governance). 
• Experience documenting and executing control tests including evidence gathering and evaluation. 
• Strong written skills with the ability to produce clear structured documentation and reports. 
• Familiarity with GRC tooling (e.g. AuditBoard or equivalent). 
• Good understanding of risk management principles within a regulated environment. 
• Strong stakeholder engagement skills with the confidence to challenge constructively. 
• Analytical mindset with strong attention to detail. 
• Operate autonomously while maintaining alignment with team objectives. 

Desirable 

• Experience within a UK regulated bank financial services firm or a Consultancy. 
• Awareness of FRC (UK Corporate Governance Code)/PRA/FCA regulatory expectations Operational Resilience and SMCR. 
• Knowledge of control frameworks (e.g. SOx COBIT ITIL NIST ISO 27001). 
• Professional qualifications (or working towards) such as CISA CRISC CISSP or equivalent. 
• Experience supporting change / transformation risk oversight.  

Additional Information :

Your Wellbeing - We take your health and well-being very seriously by providing a range of benefits to give you and your family peace of mind. These include:

• Market leading family friendly policies such as access to our Maternity Adoption and Paternity policies from Day 1 of your employment
• Free access to Headspace a mindfulness & meditation digital health app
• Free access to Peppy digital health app that offers personalised support through fertility treatment becoming a parent or menopause
• EAP (Employee Assistance Programme) - Offering you support on a wide range of subjects including financial concerns mental wellbeing and more general queries around family work housing and health
• Cycle to work scheme
• Discounts on gym membership
• Contributory pension scheme & death in service

Your Lifestyle - Its important you strike the right balance between your work and personal life. We provide benefits to support you when at work and when youre enjoying your leisure time.

• Minimum of 27 days holiday per year
• Option to buy or sell holiday days through our flexi-holiday scheme
• Discounts on gym membership nationwide
• Access to discounts on a range of high street and online brands
• Community support and charitable giving

Your Contribution - Were focused on rewarding those that go the extra mile in helping us achieve our goals.

• Participation in our annual discretionary bonus scheme designed to reward your contribution to our success
• Proudly Shawbrook recognition scheme focused on recognising our role models and thanking our colleagues for a job well done

Remote Work :

No

Employment Type :

Full-time