Deputy Manager - Risk Control and Audit

  • Competitive
  • Edinburgh, Scotland, United Kingdom
  • Permanent, Full time
  • Lloyds Banking Group
  • 16 Jan 19

End Date

1 February 2019

Salary Range

£48,636 - £54,040

Job Description Summary

An exciting opportunity has arisen for an enthusiastic candidate to help lead the Risk, Control and Audit team within CIO IT Cyber Security.

IT Security provides Lloyds Banking Group with a secure operating environment, safe from malicious attack or abuse of privileged access, by applying controls on behalf of Data Owners and promoting the secure use of IT across the Group.

The successful candidate will be part of the CIO IT Cyber Risk Control and Audit team, which forms part of the wider CIO IT Cyber Security area. The Risk Control and Audit team are responsible for overseeing various assurance and risk areas across all of IT Cyber Security, including:

  • Audit (internal and external), liaising with Group Internal Audit and external auditors such as Ernst & Young, KPMG and PwC;
  • Providing input to regulatory responses;
  • Overseeing Control Testing and liaising with BUCF where escalations require our input;
  • Oversight of risks, alongside demonstrating well-versed knowledge of projects aligned to those risks.

As the Deputy Manager, reporting to the Senior Manager, you will have a broad grasp of all the areas above, whilst leading on particular areas such as audits, regulatory responses and compliance matters. You will be responsible for helping to lead a small function, along with leading a wider team of cross-departmental colleagues when collaborative cross-party working is required to enable the successful completion of work streams in the above areas. You will drive targeted improvements in both performance and compliance activities by working collaboratively with Tower leads to drive process improvements where those are identified as a result of audits, regulatory direction or identified risks. You will have the ability to manage your own workload, paying particular attention to quality and detail whilst meeting timescales and setting objectives as required. Strong stakeholder skills at peer and more senior levels are essential for this role.

This is an opportunity for a self-motivated, solution-driven individual to gain valuable experience of IT Cyber Security as well as regulatory, audit, risk and compliance best practice.

Job Description

Core Purpose of the Role:

  • Driving improvements across the wider CIO Cyber Security team.
  • Effectively manage senior stakeholders across the different function areas which impact IT Cyber Security. This includes the different business areas and different geographical areas within LBG, e.g. North America and Germany.
  • Ensure development procedures, processes and standards are being adhered to.
  • Ensure compliance with SOX, ITEC and other internal standards is maintained whilst building relationships with IT Risk, SOX and Audit partners.
  • Identify, escalate and proactively manage risks to ensure regulatory compliance is maintained.

Key Accountabilities:
  • Lead and oversee the E2E audit engagement process with internal and external auditors and the BUCF function on Control Testing, dealing with escalations where those arise.
  • Effectively act as the conduit between auditors (particularly external auditors) and the wider IT Cyber Security colleagues to ensure a structured approach to audits.
  • Effectively act as the conduit between different business areas and the wider IT Cyber Security colleagues on the more complex audit and risk requests from the business areas, to ensure a structured approach to audit and risk management.
  • Play a vital role in ensuring development procedures, processes and standards are being adhered to, working with colleagues collaboratively where improvements can be made.
  • Drive and manage targeted process improvements across the IT Cyber Security Area which are identified through risk, control testing and audit streams of work.
  • Manage key stakeholders.
  • Actively coach members of the team, supporting colleagues in personal development, to ensure maximum contribution.
  • Actively coach and support SMEs within the different functions to ensure the risk, audit and control landscape is well understood and well managed.
  • Discuss and agree parameters of controls and audit scopes to ensure an effective control framework is in place to demonstrate risk reduction across the CIO IT Cyber Security function.
  • Work with our Risk colleagues to ensure that all material risks and audit actions are identified and are being tracked to successful conclusion.
  • Provide succinct briefings and pre-empt issues that require Senior Leadership attention in areas of audit, control testing and risk on a regular basis to enable MI obligations to be met.


Essential capabilities/ knowledge, skills and experience
  • Strong positive impact with the ability to manage and influence a diverse group of partners and build confidence.
  • Excellent communication skills (oral and written) and ability to effectively communicate difficult or sensitive messages to end users and deal with a mixture of user responses
  • Manage competing work streams across different areas, allocating resources to tasks, balancing priorities and ensuring high standards of service delivery.
  • Strong Quality / Service Focus with good attention to detail
  • Proven ability to manage risk effectively and to oversee the implementation of appropriate and mitigating strategies.
  • Experience designing and creating supporting operational documentation of IT Cyber Controls
  • Risk Management
  • In-depth knowledge of Auditing methodologies
  • Detailed knowledge of at least 2 of the following:
    - Risk management including risk analysis and matrix scoring;
    - NIST Framework;
    - Control Testing;
    - SoX Framework;
    - Internal Audit Management

Desirable skills/ capabilities/ experience
  • Experience working in an IT Security function is desirable
  • Ability to proactively seek out areas of poor performance and help implement service improvements, whilst building customer perception of an area (Group IT / IT Security function)
  • Capability to identify process and understand technical risks, articulate the associated IT costs, time implications and business impacts, and propose pragmatic options for resolution
  • Strong understanding of Cyber Security/ Identity and Access industry related best practice is desirable
  • Production of real-time reporting using Group technologies (Tableau, Microsoft Power BI) is preferable

At Lloyds Banking Group, we're driven by a clear purpose; to help Britain prosper. Across the Group, our colleagues are focused on making a difference to customers, businesses and communities. With us you'll have a key role to play in shaping the financial services of the future, whilst the scale and reach of our Group means you'll have many opportunities to learn, grow and develop.

We're focused on creating a values-led culture and are committed to building a workforce which reflects the diversity of the customers and communities we serve. Together we're building a truly inclusive workplace where all of our colleagues have the opportunity to make a real difference.