The Senior IT Risk Analyst supports the ICT Risk Manager in the second line of defence, focusing on identifying, assessing, and monitoring IT risks across FCE. This role assists in maintaining the IT Risk Management Framework, conducting risk assessments, and providing oversight to the first line of defence (IT and business units). The Senior IT Risk Analyst will contribute to ensuring FCE’s IT systems and infrastructure are resilient, secure, and compliant with regulatory requirements and industry best practices.
Essential Skills and Experience:
Proven experience in IT risk management, information security, IT audit, or a related field within a financial institution or regulated environment.
Good understanding of UK, EU, and international resilience regulations and standards, including NIST, DORA, FCA, and PRA guidelines.
Ability to collaborate with IT teams and business units, providing constructive challenge and advice on IT risk management.
Strong communication, presentation, and report writing skills.
Analytical and problem-solving skills, with the ability to identify and assess risks and develop mitigation strategies.
Experience with risk management frameworks and methodologies (e.g., COSO, NIST).
Desirable Skills and Experience:
Experience working in a regulated financial services environment.
Experience with cloud computing and related security risks.
Professional qualifications such as CISM, CRISC, or similar are desirable.
Experience with data security and privacy regulations (e.g., GDPR).
Education is important to us; ideally, you’ll have a degree, but if that’s not the case and you have extensive experience/skills you feel are relevant and beneficial to the role, we are open to discussing your suitability.
If you are concerned about applying due to disability, please contact us; we’re an inclusive team and would like to discuss what adjustments we can make to support your application.
Note: Banking and Compliance training including fair treatment of customers is mandatory for all FCE employees. Necessary training will be given to any successful candidates that require it.
Ford is committed to diversity and equality of opportunity for all and is opposed to any form of less favourable treatment or harassment on the grounds of gender, marital status, civil partnership status, parental status, race, ethnic origin, colour, nationality, national origin, disability, sexual orientation, religion/belief, gender reassignment and gender identity, age and those with caring responsibilities.
Key Responsibilities:
IT Risk Management Framework Support:
Assist in maintaining and updating the organisation's ICT Risk Management Framework (RMF) to align with the information security framework and regulatory requirements.
Support the implementation of risk management policies, standards, and procedures.
Risk Monitoring and Reporting:
Support the monitoring and reporting of IT risk information to the ICT Risk Manager, contributing to reports for the Board and Executive Committee.
Assist in developing key risk indicators (KRIs) and metrics to track and monitor IT risks.
Help prepare comprehensive risk reports and presentations for senior management.
Regulatory Compliance:
Assist in ensuring compliance with relevant UK and EU regulations and standards (e.g., NIST, DORA, FCA, PRA) and international standards (e.g., ISO 27001, ISO 22301).
Support the ICT Risk Manager in advising on regulatory requirements and ensuring IT systems and processes meet these standards.
Second Line Oversight:
Provide independent second-line oversight and challenge to the first line of defence on various aspects of IT risk management, including:
IT Service Continuity: Review and assess IT service continuity plans to ensure critical systems can recover from disruptions.
Third-Party Risk Management: Evaluate risks associated with third-party IT service providers and ensure appropriate due diligence and controls are in place.
Incident Management: Monitor incident response processes to ensure incidents are managed effectively and lessons learned are implemented.
Resilience Testing: Support the design and execution of resilience testing activities, including penetration testing, vulnerability assessments, and disaster recovery exercises.
Intra-group ICT Service Provision: Assist in the oversight of ICT service provision within the group, assessing risks and ensuring appropriate controls are in place.
Risk Assessment:
Conduct regular risk assessments, focusing on critical IT services, third-party dependencies, and business-critical operations.
Utilise risk assessment methodologies to identify, assess, and report on potential risks.
Document risk assessment findings and recommendations.
Stakeholder Management:
Engage with internal stakeholders, including IT teams and business units, to ensure risk management objectives are understood and executed.
Support the ICT Risk Manager in communicating with external stakeholders, such as regulators and third-party providers.