Technology Controls Governance Assistant Manager

Role Summary:

• Supports the development and maintenance of robust control frameworks and a unified Technology & Cyber Security Control library.
• Helps implement process control monitoring capabilities to oversee control execution across Engineering.
• Contributes to driving a positive risk culture within Engineering by implementing processes for control effectiveness demonstration.
• Requires organised, methodical thinking with strong attention to detail for creating control test plans and documentation.

What you’ll be doing:

• Control Library Management: Maintain and regularly update the centralised Technology & Cyber Security control library, ensuring controls align with industry frameworks (NIST, ISO, COBIT) and regulatory requirements (e.g. DORA). Help translate complex framework/regulatory requirements into clear, actionable controls.
• Control Testing: Conduct Tests of Design Assurance and Operating Effectiveness Assurance for key controls at both group and divisional levels, providing critical support for Group Engineering, Risk & Control Assessments. Document test results and identify areas for improvement.
• Evidence Management: Establish and oversee processes to ensure control evidence is properly documented, stored, and accessible at required frequencies. Create standardised templates for evidence collection to improve consistency. Review monitoring results for completeness and accuracy, driving corrective actions as needed. Thoroughly review monitoring results for completeness and accuracy, challenging questionable evidence and driving corrective actions with Self-Identified Issues( SIIs) when deficiencies are identified.
• Assurance Coordination: Plan and coordinate periodic independent assurance activities with internal audit teams and external assessors, preparing documentation and facilitating access to evidence.
• Key Control Indicators (KCIs): Implement, track, and analyse Key Control Indicators (KCIs) aligned to the control library, helping to identify trends and potential weaknesses before they impact operations.
• Reporting & Visualisation: Maintain detailed control performance dashboards and metrics that clearly communicate control status to various stakeholders, from technical teams to executive leadership. Perform sample-based testing of control operating effectiveness.
• Remediation Management: Identify thematic control weaknesses and collaborate with control/process owners to develop and implement effective remediation strategies with clear timelines and accountability. Represent Engineering in risk discussions with internal stakeholders.
• Stakeholder Engagement: Represent Technology Controls Governance team in risk discussions with internal stakeholders, translating Enterprise Risk Management Framework (ERMF) concepts into Group Engineering consumable material.

Qualifications

• Relevant degree in IT, Cybersecurity or Risk Management (Desirable).
• 3+ years’ experience in technology controls or compliance.
• Strong knowledge of control frameworks (NIST, ISO, COBIT).
• Demonstrable knowledge of key controls across Technology process areas (e.g. incident, Change, Capacity management).
• Experience in control implementation across Technology process areas.
• Experience in control testing and evidence validation.
• Proven team management and project delivery skills.
• Excellent analytical, communication abilities and presentation skills.
• Experience with GRC tools and control automation.