IT Risk and Controls Analyst

Key Role Responsibilities  

Control Testing & Assurance 

• Plan, document and execute control testing across Technology & Cyber, Data Governance & Quality, and Transformation / Change domains. 

• Assess control design and operating effectiveness, clearly evidencing outcomes and identifying control gaps. 

• Produce concise test reports, agree remediation actions with control owners, and track issues to closure. 

• Coordinate testing schedules with the central Controls function and ensure consistency of methodology and documentation. 

• Support continuous improvement of the Technology control environment, identifying opportunities for automation and maturity uplift. 

Risk & Issue Management 

• Support the accurate logging, maintenance and quality assurance of risks and issues within AuditBoard (GRC tool). 

• Monitor remediation activity, ensuring actions are tracked, evidenced and escalated where required. 

• Support audit and regulatory engagement by ensuring risk and control artefacts are complete, current and defensible. 

Risk Reporting & Governance 

• Contribute to monthly Technology risk reporting, including control testing results, risk profile movements, issue status and key themes. 

• Support preparation of materials for CTO and Risk governance forums. 

• Support RCSA cycles, risk assessments for new initiatives, and oversight of material change. 

• Contribute to regulatory, audit and assurance interactions as required. 

Skills & Experience 

Essential 

• Experience in IT risk, technology controls, internal controls testing, or IT audit (First, Second or Third Line). 

• Understanding of technology and cyber risk domains (e.g. access management, change management, SDLC, incident management, data governance). 

• Experience documenting and executing control tests, including evidence gathering and evaluation. 

• Strong written skills, with the ability to produce clear, structured documentation and reports. 

• Familiarity with GRC tooling (e.g. AuditBoard or equivalent). 

• Good understanding of risk management principles within a regulated financial services environment. 

• Strong stakeholder engagement skills with the confidence to challenge constructively. 

• Analytical mindset with strong attention to detail.  

Desirable 

• Experience within a UK regulated bank or financial services firm. 

• Awareness of PRA/FCA regulatory expectations, Operational Resilience, and SMCR. 

• Knowledge of control frameworks (e.g. COBIT, ITIL, NIST, ISO 27001). 

• Professional qualifications (or working towards) such as CISA, CRISC, CISSP, or equivalent. 

• Experience supporting change / transformation risk oversight.  

Qualifications

Education/Professional Qualifications 

Shawbrook is committed to providing opportunities to all candidates, and understand that not all candidates may possess a qualification or education aligned to the role. We will assess each candidate on their individual experience and skills, and not solely on level of education. 

Key attributes 

• Ownership & Accountability – Takes responsibility for delivering high-quality outputs and meeting deadlines. 

• Constructive Challenge – Able to question control design and effectiveness in a professional and evidence-based manner. 

• Collaboration – Works effectively across Technology, Risk and Change teams. 

• Continuous Improvement – Proactively identifies opportunities to strengthen the control environment. 

• Integrity & Professional Judgement – Demonstrates sound judgement in assessing risk and control effectiveness. 

Additional Information

Reward:

Your Wellbeing - We take your health and well-being very seriously by providing a range of benefits to give you and your family peace of mind. These include:

• Market leading family friendly policies such as access to our Maternity, Adoption and Paternity policies from Day 1 of your employment
• Free access to Headspace, a mindfulness & meditation digital health app
• Free access to Peppy digital health app that offers personalised support through fertility treatment becoming a parent or menopause
• EAP (Employee Assistance Programme) - Offering you support on a wide range of subjects including financial concerns, mental wellbeing and more general queries around family, work, housing and health
• Cycle to work scheme
• Discounts on gym membership
• Contributory pension scheme & death in service

Your Lifestyle - It’s important you strike the right balance between your work and personal life. We provide benefits to support you when at work and when you’re enjoying your leisure time.

• Minimum of 25 days holiday per year
• Option to buy or sell holiday days through our flexi-holiday scheme
• Discounts on gym membership nationwide
• Access to discounts on a range of high street and online brands
• Community support and charitable giving

Your Contribution - We’re focused on rewarding those that go the extra mile in helping us achieve our goals.

• Participation in our annual discretionary bonus scheme designed to reward your contribution to our success
• Proudly Shawbrook recognition scheme focused on recognising our role models and thanking our colleagues for a job well done