Role Profile

Senior Compliance Analyst 

 

Division/Dept. 

Data Governance and Information Security (DGIS)

 

Location 

Hybrid working with base location of Coventry or London

 

Reporting to 

Compliance Manager 

 

In a nutshell 

As a Senior Compliance Analyst, you’ll play a key role in driving the compliance assurance programme and will be responsible for delivering, monitoring and reporting on the annual testing programme on IT controls and Information Security (IS) control requirements. You’ll be responsible for driving continuous maturity and improvement; and you'll support the delivery of operational effectiveness testing controls. 

 

You’ll be responsible for defining the controls testing roadmap, and communicate this with key stakeholders and senior management, as well as driving and reporting on key outputs and remediation activities. Additionally, you’ll recommend and drive process enhancements across key control areas, whilst seeking out opportunities to drive compliance activities that support the broader compliance strategy. 

 

What you need to do 

Responsible for delivering the annual assurance programme such as across IS and IT controls, including developing testing scenarios to support design and operating effectiveness testing  Own and manage the assurance testing roadmap and schedule, and provide key support to the overall Compliance strategy Responsible for analysing the adoption of processes, documentation and controls  Contribute and deliver key reporting for the Audit Committee and Data Governance Committee Drive and own the continuous assessment of IS and IT control effectiveness across the business, raising appropriate risks or defining remediation requirements Responsible for driving remediation plans across the business to improve maturity, mitigations and reduce risk Own and drive improvements to process and documentation, to support controls testing and implementation of policy requirements Responsible for ensuring the integrity and efficiency of audit records and compliance activity Support with internal Data Governance and Information Security projects where necessary Be the liaison and maintain a good relationship with stakeholders to drive resolutions to any issues

 

What you need to know and show 

Essential Criteria

 

Demonstrable experience of delivering an assurance testing programme across industry frameworks and regulations, such as but not limited to NIST-CSF, Cyber Essentials, ITGC and ITACs, FRC/Corporate Governance Code, and other relevant frameworks and regulations for example COBIT2019 or COSO Ability to collaborate effectively with a range of business stakeholders, and support the wider agenda Pro-active in tracking upcoming industry changes, interpreting how may these impact the business and have the ability to implement where necessary

Additional Criteria

Demonstrate ability to learn and understand business processes particularly those covering Finance, Technology and Information Security. Previous experience of IT audit either within an external audit or an internal audit role would be desirable  Experience of working with internal/ external auditors and ability to manage appropriate timelines, resolve findings and contribute to continuous improvement initiatives from audit outcomes Ability to think methodically and logically; and communicate using spoken and written word  Familiar with standard IT and IS processes and controls such as identity and access, change management, third-party management. Be able to proactively identify and own any issues and follows through to resolve them Ability to prioritise own workload and delivery quality results on time, and to budget Certifications such as CISA and ISO 27001 Lead Auditor are desirable but not essential

 

Support we will provide 

Your line manager will provide support and guidance  Access to the Compliance, ITGC, GRC, Finance, Data Governance and Infosec teams who have a wide array of skills and knowledge  Extensive support and training materials available relating to NIST, IT General Controls, PCI-DSS and GDPR  Other resources as required 

Date of last job evaluation 

 28/11/2024

 

Hay rating 

C5

 

Please note: This role profile is aimed at describing the core output that should be achieved in this role. It is not intended to include specific tasks, temporary activities, or projects to recognise flexibility in a changing context.