AMP Capital is a specialist investment manager with offices in Australia, New Zealand, Japan, China, Hong Kong, India, London, Chicago, New York, California, Ireland and the Middle East. We are a leading global real estate and infrastructure manager and the combination of our scale, breadth and capability provides access to superior investment opportunities for our clients.The AMPC Technology & Innovation vision is to be recognised as a high performing technology function, one that is built on a foundation of secure, automated, and real-time data driven technologies, enabled by a team that is seen as innovative, agile, commercial, that is continuously learning and that has an excellent risk mindset. Due to increasing workload we are now seeking to appoint a Controls Assurance and Risk Analyst to the team. This role is reporting to and supporting the Tech Risk and Cyber Manager in managing the oversight of technology and cyber security risk across AMP Capital. This includes evaluating the strength of the first line controls and determining the holistic level of technology/cyber threats. This role will also take responsibility for facilitating the appetite statements relating to AMPC Technology and Cyber risks, risk workshops, IT Risk reporting to management, conducting risk control self-assessment (RCSA) and performing controls assurance of IT critical risks (i.e. testing design and operating effectiveness of IT controls). The successful candidate will; Contribute to development and implementation of Technology and Cyber Security Control Assurance Framework which supports the AMP Capital business model and compliance with applicable regulations.Develop and contribute to Controls Assurance Plan. Identify critical risks and key controls to be testedConduct Controls Assurance (design and operating effectiveness) and critical controls in AMPC TechnologyLiaison with assurance providers, including AMP Group wide Internal Audit, external auditors, regulator and 2nd Line Risk, including proactive management of assurance engagement and runway, oversight of audit observations and remediation actions with agreed reporting to internal and external stakeholders. Ensure that AMPC Technology meets requirements of regulator / audit / governance committeeAssist in providing internal and external audit requirements.Ensure that audit issues/actions are managed, addressed and closed appropriatelyIdentify opportunities for security controls optimisation in line with emerging threats internally and externally. Support identification of appropriate, fit for purpose and cost-effective control solutions, and adopting new security technologies to support effective and efficient management of risk and controls. Role model and drive pro-active risk culture and risk management in TechnologyWork collaboratively with Technology Functional Heads, Business Unit Leadership teams and ERM to ensure AMP Capital has an effective Technology Risk Management Framework.Delivering outstanding 1st line (Tech Risk and Cyber) support across AMPC Technology. Assist in the management of the Issues Management (including audit activity), in line with ERM standards. Experience Strong experience in technology and cyber risk management (minimum of 5 yrs. experience in technology operational risk management for financial institutions or any large organisation)Demonstrated competencies with Technology Risk activities within the Three Lines of Defence modelSound knowledge of regulatory requirements for operational risk (e.g. Basel II, GS007, AS3402) and experience working with common technology industry standards such as COBIT 5, COSO, ITIL, NIST, ISO31000, ISO27001, etc.)Strong knowledge of Financial Services, investment management company or similar organisationsAbility to analyse trends, identify critical threats and opportunities, diagnose problems and issues and recommend appropriate actionsAbility to exercise initiative and prudence in following through on risks, issues and remediation actionsSets challenging goals and standards of excellence beyond currentStrong relationship building, reasoning ability and negotiation/influencing skillsAdvanced oral and written communication skills, including the ability to influence across a range of stakeholder groupsExtremely comfortable in working with business, technical people, from senior management to line staffExperience in a consulting role (strategy, process re-design) or an audit role.IT Audit experience would be beneficial, as would CISA, CRISC, CISM or other IT Risk related certificationsDegree qualified in a relevant subject with additional qualifications and certifications necessary
Don’t provide your bank or credit card details when applying for jobs. Learn how to protect yourself here.