Information Security Audit and Controls Manager

Stanton House
negotiable + benefits
15 Apr 2019
13 May 2019
Job Type

Information Security Audit and Controls Manager

Company Description

A leading global provider of financial administration solutions. As one of Europe’s leading asset servicing platforms, the company interacts with almost 6m investors, administering and safeguarding £600bn of assets across 10 highly regulated markets.

Job Description

The primary purpose of this role is to ensures compliance with established internal control procedures by examining records, reports, operating practices, documentation, processes, methods, and evidence gathering is in place for Audits events.    Completes audit work papers by documenting audit tests and findings for the Audit Provider, Internal or External and ensuring they are continually managed to a within tolerance level. Where controls do not exist, they are designed and implemented with support from the Information Security Team and Lines of Business areas to provide assurance that gaps are closed.

With the correct controls and frameworks in place, and maintained, this role will coordinate, schedule and face off to all Auditors and Audits providing and collating evidence when requested, from the appropriate control points and liaising with other teams where necessary ensuring a consistent and controlled service is provided;

The role holder will be responsible for creating and maintaining an Audit Evidence Database to facilitate the response to repeat audit and questionnaires.  This will be through targeted research and the accumulation of knowledge and understanding of the Link Group Policies, Procedures, and Standards and compiling the appropriate information into bespoke packages tailored to meet specific audit and other demands. 

They will also be responsible for managing and reporting on the Logical Access Review (LAR) process for movers and movers.  Co-ordinate and support Application owners with a system attestation process. Ensuring that all access requests/amendments and deletions are appropriately documented and authorised and that an audit trail exists for all LAR activities.

The role will play a key part in the continued achievement of ISO27001 certification and in maintaining the controls associated with it, or with other certification as required by all lines of business.



• Experience of engaging with technical resources and demonstrating a level of understanding required to get technical controls scoped and operational;

• Demonstrable stakeholder management up to senior business leader level;

• Demonstrable Knowledge of IT, financial, operational, and Audit management controls;

• Sound analysis, investigative and problem-solving skills;

• Effective verbal and written communication skills;

• Ability to deliver to strict deadlines in a pressured environment; and

• Meticulous attention to detail.


• Experience translating Business Audit and requirements to technical teams;

• Proven IT governance experience;

• Demonstration experience of Concise reporting and management of stakeholders at senior level; and

• The ability to assess situations to determine priority, urgency and associated risks, and then to make clear decisions and recommendations which are timely and protect the organisation from the identified threat or risk.

Apply Now

Apply for Information Security Audit and Controls Manager

Already uploaded your CV? Sign in to apply instantly


Upload from your computer

Or import from cloud storage

Your CV must be a .doc, .pdf, .docx, .rtf, and no bigger than 1MB

4000 characters left

When you apply for a job we will send your application to the named recruiter, who may contact you. By applying for a job listed on you agree to our terms and conditions and privacy policy.

As part of the job finding service we provide, we will send you relevant news and information via email. These will be sent by SATOS Media and you may opt out from receiving these emails at any time by following the unsubscribe links within the messages or by contacting us via the details within the Privacy Notice.

You should never be required to provide bank account details. If you are, please email us.