Senior Process Risk and Control Analyst

Senior Process Risk and Control Analyst

Shift Pattern:

Standard 40 Hour Week (United Kingdom)

Scheduled Weekly Hours:

40

Corporate Grade:

D - Assistant Vice President

Reporting Line:

(UK Division) Information Technology

Location:

UK-London

Worker Type:

Permanent

The London Metal Exchange (LME) is the world centre for industrial metals trading. In 2023, 149 million lots were traded, equating to $15 trillion notional and 3.5 billion tonnes, with a market open interest high of 1.8 million lots.

The metals community uses the LME, an HKEX Group company, as a venue to transfer or take on price risk, as a physical market of last resort and as the provider of transparent global reference prices.

Overall Purpose of Role:

The role provides Technology Governance Risk and Compliance specialist services to HKEX, LME and LME Clear. Working closely with peers across the technology function and stakeholders within the wider Organization.

The role is to drive compliance and risk reduction initiatives across the Firm using all the Governance Risk and Compliance tool sets available. This will help ensure the service delivered is consistent with the inherent security threat and risk profile of a global exchange designated as critical national infrastructure.

Responsibilities:

• Maintain and mature the 1LoD technology Risk and Controls processes.

• Perform controls analysis and testing and provide best practice recommendations.

• Drive risk management activities including analysis, identification and oversight.

• Support and produce MI for committees/ stakeholders.

• Lead internal and external audits and support regulatory initiatives. 

• Support TPRM Assurance activities

• Deliver continuous enhancement to support GRC maturity initiatives.

• Manage Exceptions against policies and standards.

• Create and deliver InfoSec Assurance awareness briefings.

• Support the team in line with the Process Risk and Control service catalogue.

Qualifications Required:

• University degree in Information/Cyber Security or related field/equivalent compliance experience

Preferred Knowledge and Experience:

• Any professional security qualifications such as CISM, CRISC or CISSP are desirable
• Experience of working in regulated markets or financial services
• Knowledge of Information Security Domains /and frameworks such as NIST. CIS
• Preferred background in 1st LoD Line Risk & Control roles or IT/Cyber Architecture
• Strong analytical thinker capable of generating and presenting IT technology risks & Controls to non-technical audiences.
• Experience/knowledge of the following: -
  • Risk Management/Audit Oversight.
  • Presenting/Reporting to a senior level.
  • Experience of assessing control gaps and documenting associated remediation plans   
  • TPRM Assessments/ Activities
  • Creating awareness / assurance briefings   

Skills Required

• Stakeholder management across multiple business functions working with all lines of defence teams.
• Proficient written, verbal and presentation skills.
• Understanding of security related KPIs & KRIs, metrics and reporting.
• Proactive and balance multiple projects to deliver timely effective solutions.
• Able to rapidly understand the business operating environment of the Group.
• Apply existing GRC knowledge to drive compliance across the business and improve service delivery.

The LME is committed to creating a diverse environment and is proud to be an equal opportunity employer. In recruiting for our teams, we welcome the unique contributions that you can bring in terms of education, ethnicity, race, sex, gender identity, expression & reassignment, nation of origin, age, languages spoken, colour, religion, disability, sexual orientation and beliefs. In doing so, we want every LME employee to feel our commitment to showing respect for all and encouraging open collaboration and communication.