Job Description
Plan, execute and report all IT Security and Business Automation related audit activities for OakNorth Bank plc. to provide independent assurance to senior management that the bank’s IT infrastructure and digital transformation initiates (incl. non-IT) are fit for purpose to allow the bank to safely deliver best-in-class services to all its customers.
Job Responsibilities:
- Plan, execute and report all IT and cyber security related audit activities for OakNorth Bank plc
- Provide independent assurance to senior management that the bank’s IT infrastructure is fit for purpose to allow the bank to safely deliver best-in-class services to all its customers
- Ensure best practice and frameworks are followed to adhere to various audit guidelines and standards
- A Subject Matter Expert who can build a strong network for himself/herself and execute audit work autonomously all the way through to review whilst having a strong sense of customer service
- Manage IT related audit activities for the OakNorth Bank plc
- Delivers at least one audit per quarter: some audits to be delivered alone and others in partnership with the existing OakNorth audit team or empanelled co-sourced partner
- Document audit fieldwork, findings and prepare audit reports
- Review audit evidences and track closure of management actions
- Report on audit activity to senior management
- Continuously improve the IT audit methodology which suits the highly technical, disruptive, global, and fast-moving environment
- Supports IA team and colleagues on subject matter whilst keeping in mind team goals, not only individual targets
- Deliver internal and external certification audits
- Execute ITGC, network, cyber and cloud security audits
- Conduct internal audits to provide information whether the firm’s Information Security Management System conforms to the Internationally recognised Standards
- Deliver audits to evaluate the evolving cybersecurity automation ecosystem(“best-in-breed”)
- Perform cloud security assessments for AWS / Azure cloud platforms and other cloud-based solutions
- Carry out technical security reviews of firewall configurations, DLP, IAM, IPS /IDS and other critical applications
- Audit the continuously improving IT infrastructure model with newly emerging and flexible work solutions, post Covid-19
- Continuously assess and report, how well the Bank assesses internal and external threats including email attacks and vulnerabilities, as well as the fitness for purpose and effectiveness of its strategic and tactical responses
- Challenge incident, disaster response and business continuity plans and review the test reports, outcomes to verify backup / restore set-ups and RPO / RTO levels
Desired Skills:
- Someone with a minimum of 5-7 years of banking / consulting experience in IT security audits
- Hunger, fire (10x, momentum)
- Ability to work with others across teams, geographies, and legal entities (one team)
- Not a prima donna / ego issue (right ambition)
- Not highly political or “spin doctor” (say it as it is)
- Logical thinking, ability to get to the simplest answer as opposed to a convoluted one (challenge and simplify)
- An honest person who operates with a high degree of ethics and integrity through any situation (right ambition, say it as it is)
- Someone who holds a degree in information technology from a top institute with a consistently good academic record
- Holds at least one globally recognised IT certification, and working towards a second (IA / Risk or technical)
- Hands-on experience of working on some of the latest and best auditing / GRC tools
- A good understanding and knowledge of IT Security Compliance frameworks and industry control standards and, such as NIST, ISO 27001, COSO, COBIT, and ITIL
- A self-starter and fast learner; someone who can work and learn on his/her own
- Someone with gravitas and whose opinion matters; someone who is trusted by colleagues across the firm, from the most junior to the most senior
- A person who focuses on what matters most: outcomes; someone who relentlessly avoids hypothetical risks and verbose
