Technology Controls Specialist Bristol

Permanent
BS2 0PT Bristol City United Kingdom
Scheduled to publish in 1 hour

NatWest Group

Key Responsibilities

Drive and facilitate IT risk assessments across the bank, focusing on Third Party Risk Management (TPRM), Records Management, and Risk Culture using a technology risk framework.
Build and maintain relationships with stakeholders in Technology and Wealth, ensuring management engagement with operational risk objectives.
Apply effective risk management thinking in an IT environment, anticipating and assessing potential impact of risk across the bank.
Supervise TPRM controls and external outsourcing risks, and respective control environments.
Support critical outsourcing initiatives in the Wealth Chief Digital Information Office (WCDIO) from a risk and SME perspective.
Support management in identifying and assessing material risks, and determining position against risk appetite.
Supervise 3rd party assurance findings, including risk assessment and remediation plans.
Support business service owners with assessment of 3rd party assurance reports (e.g., ISAE, SOC).
Act as first point of contact for WCDIO risk perspective in supply chain management.
Manage an inventory of critical suppliers to WCDIO, tracking risk and control status.
Pro-actively support external audits in WCDIO from a first-line IT risk perspective, contextualizing potential findings.
Own external outsourcing risk reporting for WCDIO.
Support development and delivery of programmes to ensure regulatory compliance.

Skills and Expertise

Experience with external outsourcing control environments.
Practical experience in risk management methodologies.
Understanding of operational risk application in a technology environment, focusing on TPRM and Records Management.
Experience in a risk or control technical role within financial services.
Risk assessor accreditation under the technology risk framework, or working towards a risk, audit, or control qualification.
Fundamental understanding of TPRM risks and key controls.
Solid experience in IT risk management practices and frameworks.
Experience in IT auditing.
Experience in risk reporting.
Strong communication skills, including the ability to explain technical concepts to non-technical audiences.

Job Facilities/Benefits

Full-time or part-time options available (minimum 30 hours per week).