IT Risk & Control Advisor (COBIT - ServiceNow GRC)
Posted on Apr 5, 2022 by Base 3
Qualifications, professional skills and experience
- University degree or equivalent experience (education in computer science or engineering is a plus)
- Field experience in the IT risk and control environment or equivalent experience and critical mindset and ability to challenge and influence middle management and IT experts
- A good understanding of ServiceNow GRC is a strong asset
- Process-minded and good knowledge of the key principles of the IT related frameworks such as COBIT2019, ITIL and PRINCE2 is a plus (no certification is required)
- Fluent knowledge of English (verbal, writing, presentation). French and/or Dutch is a plus
- Experience in large multi-platform-based IT environments, such as IBM Mainframe and distributed systems
This role is focusing on IT general controls, covering the main Technology areas including IT operations, project delivery, governance, strategy and other key domains.
Our IT control framework is based on COBIT as industry best practice and is being implemented in the ServiceNow GRC platform through the IT Risk & Control programme. You will take an active role in the programme and focus in particular on ensuring the key control requirements for IT from the Compliance & Ethics and Finance departments are adequately addressed and incorporated in the IT control framework.
You will contribute to design, co-create and roll out effective controls addressing key regulatory and financial requirements across the relevant IT domains and processes, advising and challenging control owners. By promoting and implementing controls you will help to improve the risk culture and control maturity in IT. You will work closely with Compliance & Ethics and Finance departments (issuing control objectives/requirements) as well as with IT process and control owners (in charge of the control activities that have to meet the requirements).
You have a strong risk mind-set, are a good relationship builder and want to play a critical role in the IT Risk transformation. Proficient (oral and written) communication as well as influencing are part of your main skills.
Note: this role has been assessed as Inside R35 which affects UK resident candidates only