Role: IT Control Analyst
Location: London, UK(Hybrid)
Duration:6 Months FTC
An experienced controls testing analyst who can validation test a prioritised set of IT and IS controls through enquiry with a control owner/representative.
The control testing analyst will arrange Microsoft Teams-based walk-through meetings with control representatives to undertake the test, asking probing questions to determine if the control activity is being performed satisfactorily and can be evidenced.
The control testing analyst will:
• Schedule walk through meetings
• Prompt for and read supporting process/activity documents/websites beforehand
• Perform testing – enquiry method
• Teams-based meeting
• Ask the control representative to explain the control activities, processes, and operational evidence, along with supporting documentation / websites
• Take notes and screenprints in evidence
• Make the assessment – document the test result
• Determine if the control is adequately designed, effectively operated (risk is managed)
• Write up finding in a templated Word document, plus evidence (screenshots, URLs, …)
• Update the Excel test plan tracker with results
• Notify management and the control representative of the test outcome Controls to be tested The following control domains are to be tested
• Perimeter - Secure Networks and Devices; Threat monitoring and response; Malware protection; Physical security.
• IBS/Critical apps - Change management; Secure Development; User Access Management.
• Resilience/Preparedness - Service Continuity & Recovery Planning; Crisis Response; Vulnerability Management; Physical operational resilience.
• Data - Rest and Transit Protection, Loss Prevention, Access, Accuracy and Completeness, Retention and Disposal.
• Financial Control Framework (FCF) - User Access Management (non-IBS apps); other ITGC areas covered by bullets above e.g., change management.
• Qualifications : CISA
• Knowledge : COBIT, ISO27001, CISM, CISSP; ITIL (mandatory)