IT Control Analysts
Posted Today by Falcon Smart IT (FalconSmartIT)
Negotiable
Undetermined
Undetermined
London Area, United Kingdom
Summary: The IT Control Analyst role involves validating and testing a prioritized set of IT and IS controls through direct engagement with control owners. The analyst will conduct Microsoft Teams meetings to assess control activities, document findings, and ensure compliance with established standards. This position is a 6-month fixed-term contract based in London, UK. The role requires a strong understanding of various control domains and relevant qualifications in IT governance and security.
Key Responsibilities:
- Schedule walk-through meetings with control representatives.
- Review supporting process/activity documents/websites prior to meetings.
- Perform testing using the enquiry method during Teams-based meetings.
- Document control activities, processes, and operational evidence.
- Assess control design and effectiveness, documenting test results.
- Write findings in a templated Word document and update the Excel test plan tracker.
- Notify management and control representatives of test outcomes.
Key Skills:
- Qualifications: CISA.
- Knowledge of COBIT, ISO27001, CISM, CISSP, and ITIL (mandatory).
Salary (Rate): undetermined
City: London
Country: United Kingdom
Working Arrangements: undetermined
IR35 Status: undetermined
Seniority Level: undetermined
Industry: IT
Job Title: IT Control Analysts
Location: London , UK
Job Type: 6 month FTC
An experienced controls testing analyst who can validation test a prioritised set of IT and IS controls through enquiry with a control owner/representative. The control testing analyst will arrange Microsoft Teams-based walk-through meetings with control representatives to undertake the test, asking probing questions to determine if the control activity is being performed satisfactorily and can be evidenced.
The control testing analyst will:
- Schedule walk through meetings
- Prompt for and read supporting process/activity documents/websites beforehand
- Perform testing – enquiry method
- Teams-based meeting
- Ask the control representative to explain the control activities, processes, and operational evidence, along with supporting documentation / websites
- Take notes and screenprints in evidence
- Make the assessment – document the test result
- Determine if the control is adequately designed, effectively operated (risk is managed)
- Write up finding in a templated Word document, plus evidence (screenshots, URLs, …)
- Update the Excel test plan tracker with results
- Notify management and the control representative of the test outcome
Controls to be tested
The following control domains are to be tested
- Perimeter - Secure Networks and Devices; Threat monitoring and response; Malware protection; Physical security.
- IBS/Critical apps - Change management; Secure Development; User Access Management.
- Resilience/Preparedness - Service Continuity & Recovery Planning; Crisis Response; Vulnerability Management; Physical operational resilience.
- Data - Rest and Transit Protection, Loss Prevention, Access, Accuracy and Completeness, Retention and Disposal.
- Financial Control Framework (FCF) - User Access Management (non-IBS apps); other ITGC areas covered by bullets above e.g., change management.
Qualifications : CISA
Knowledge : COBIT, ISO27001, CISM, CISSP; ITIL (mandatory)