IT Risk Assurance Advisor / IT Auditor

  • Location


  • Sector:

    Power and Nuclear

  • Job type:


  • Salary:

    £50,000 to £55,000

  • Contact:

    Heidi Thomas

  • Contact email:


  • Published:

    over 4 years ago

  • Expiry date:


Working with a large UK-based utilities firm, this position is wholly responsible for managing the annual and cyclical IT risk and assurance audits. Reporting into an Assurance Manager and working alongside a team of 15, you would be responsible for performing IS/IT control reviews of areas throughout the business, including ad hoc investigations, and for reporting the findings, conclusions and recommendations arising from those reviews to the Risk and Assurance Manager and Head of Risk and Assurance as appropriate.

Key accountabilities:

  • Ensuring that all work allocated by the Head of Risk and Assurance or Risk Assurance Manager is completed on time and in accordance with the departmental methodology. It is anticipated that the job holder will prepare review scoping, delivery and reporting deliverables for review by the Risk Assurance Manager
  • Taking responsibility for ensuring that risk and quality expectations are met on assignments. Identifying and evaluating areas for potential improvement in processes and controls while ensuring that all work adds value to the business
  • Helping to develop our Tech Risk capabilities by taking an active role in coaching and developing skills within the team
  • Supporting the development of new technology risk propositions in response to changes in industry, regulation and technology
  • Contributing directly to efforts to raise the profile of the Risk and Assurance function
  • The job holder's principal challenge will be ensuring that the business maintains an adequate control environment given the current emphasis in the business on efficiency improvements and cost savings

Essential experience:

  • Significant experience and track record of delivering a range of IT Risk and Control services, including subject matter expertise in one or more of the disciplines listed above
  • Good knowledge of a broad range of technology systems and infrastructure components (e.g. applications, operating systems, databases, networks); and related concepts such as digital and cloud
  • Good understanding of technology process and risk methodologies, good practice frameworks and industry standards (e.g. ITIL and COBIT)
  • Strong business acumen – Ability to consider broader business and industry issues or impacts when analysing issues or advising clients
  • Strong project management and organisational skills; detail-oriented, with the ability to multitask
  • Functional expertise in network control systems (e.g. SCADA) in addition to enterprise applications / infrastructure (e.g. ERP, CRM, Billing or SCM)
  • Functional expertise in Cyber Security; Data Analytics / Governance or Project Assurance.
  • Awareness of industry-specific regulatory issues

Essential behaviours:

  • Ability to collaborate effectively across different teams and multiple organisational levels.
  • Excellent interpersonal skills and stakeholder engagement
  • Resilience and Integrity – Ability to work effectively in the face of pressure and not compromise on quality or professional standards
  • Strong communication skills (oral and written) – particularly around explaining complex technical issues to a non-technical audience in a manner that is clear and unambiguous

Desirable qualifications:

  • Relevant qualifications including CISA, CISM, CRISC, ISO 27001 (Lead Auditor) and/or 22301, Prince2/MSP/AGILE PM, ITIL