Technology Controls Testing - AVP

Purpose of the role

To partner with the bank, to provide independent insurance on control processes and advise on improvements to ensure the efficiency and effectiveness of the bank’s internal controls framework.  

Key Accountabilities

• Carry out annual controls testing for Cyber, General Computer Controls (GCC) and Automated Business Controls (ABC) with the deep understanding of assessment frameworks and the applications
• Ensure quality and accuracy of control testing by performing internal quality assurance (QA) verification as per Barclays Control Framework
• Liaise with stakeholders across the three Lines of Defence to ensure efforts are aligned and complementary
• Review activities undertaken by management to remediate control gaps and provide an opinion as to whether the risk has been fully mitigated and whether the implemented controls are sustainable.
• Identify and leverage appropriate data sources and data analytical techniques to deliver targeted testing
• Extend the support towards implementation of the Technology CCO strategy to drive global consistency and improvements in risk awareness and risk management capability by developing a close and trusted relationship with key stakeholders, wherever required.
• Maintain an independent perspective, challenging as required and setting out quantified control options and risk decision recommendations.

Risk and Control Objective

Ensure that all activities and duties are carried out in full compliance with regulatory requirements, Enterprise Wide Risk Management Framework and internal Barclays Policies and Policy Standards

Person Specification

Project Management:

• 8-10 years of testing experience of ITGC/Cyber/Application Controls
• Understands IT processes, cyber risk, and types to controls to mitigate and manage risk  
• Responsible for the preparation of review documentation throughout the project lifecycle, in line with the methodology
• Ability to assess and manage scope change - proactively identifies risks, issues and dependencies
• Can manage the trade-offs of delivery within time, cost, and quality constraints
• Hands on experience into IS Audits / IT Assessments and GRC (Governance, Risk & Controls)
• Analytical approach and proven ability to lead and manage issue discussions to closure
• Strong interpersonal skills and ability to communicate effectively across a global team
• Ability to successfully multitask and complete assignments with varying lead times
• Self-starter & works independently
• Is able to manage team, track delivery, escalate challenges timely with regular reporting to Portfolio lead

Essential Skills/Basic Qualifications:

• Knowledge of NIST, Cloud Frameworks, Artificial Intelligence, Quantum Computing including relevant tools and technologies
• Demonstrated use and knowledge of data analytics embedded testing
• Depth of knowledge of key areas in cyber risk, including access management, networks, data security, system security and resilience at both application and infrastructure layers
• Extensive knowledge and experience in one or more of the following fields IT audit, Risk and Control, IT security
• Relevant professional certification (CISA, CISSP, CRISC, CISM, ISO 27001) or equivalent

All colleagues will be expected to demonstrate the Barclays Values of Respect, Integrity, Service, Excellence and Stewardship – our moral compass, helping us do what we believe is right. They will also be expected to demonstrate the Barclays Mindset – to Empower, Challenge and Drive – the operating manual for how we behave.

Desirable skills/Preferred Qualifications:

This role requires extensive knowledge and working experience in Technology, Information, and Security domain.

• Knowledge of IT architecture, networks, operating systems and database security, Active Directory, Cloud, Resiliency, SIEM tools
• Knowledge or IS/IT Risks & Controls and respective Standards / Frameworks (e.g. COBIT, ITIL)
• Practical experience in managing Cyber, Resilience and Physical Risks  & Controls in Banking/ NBFC domains
• Develop use cases to automate testing for efficiencies, articulate benefit of data-led approach