Risk and Audit Manager
The LMAX Group is a global financial technology company which operates multiple institutional execution venues for FIAT and digital currency trading.
Servicing brokers, funds, corporates, asset managers and banks, the LMAX Group delivers a unique vision for global FX and cryptocurrency trading - a transparent, neutral, level playing field for all market participants, regardless of status, size, or activity levels.
The Group's Governance team has grown over the last year, and we are seeing an increasing number of client and supplier due diligence matters as well as an expanding certification and attestation regime.
We are looking for an experienced Audit and Risk Manager to join our team to drive proactive reduction in risks, working with technology teams to continuously improve our operational processes and audit cycle by modernising and re-thinking the existing systems and processes.
This role makes a key contribution to an open and transparent culture of risk management and demonstrates a strong awareness of the risks that should be managed. You will work alongside the CIO and Director of Technical Operations to ensure that all teams across Group technology are in alignment with the strategic direction.
Reporting into the Head of Operational Risk within Group Technology, you will engage with internal and external auditors to identify areas of opportunity across the whole Group. Opportunities may include cost savings, efficiency and/or reducing turnaround time, but will also include ways of creating additional value by identifying process gaps. This may include auditing of 3rd parties and some internal processes.
The ideal candidate will have excellent stakeholder management skills and experience and expertise in business process improvement techniques/change programmes. You can identify and analyse connections and linkages within the Group’s departments and their processes to focus the audit and risk management approach.
The post holder will be part of a team responsible for internally auditing internal controls and security standards such as ISO 27001, ISO 22301, SOC 1 and 2, NIST. The role includes forming evaluations of the effectiveness of internal controls, risk, and security assessments, and developing policies alongside stakeholders.
- Manage the Group Technology relationship with Group Risk and ensure alignment of the Group Technology risk management process, governance and reporting with Group Risk processes and requirements.
- Define, implement and manage the Group Technology Policies and Standards framework, ensuring Policies and Standards are comprehensive and regularly reviewed/refreshed.
- Manage the internal delivery of the information security management system (with support from other team members)
- Lead and report on ISO/IEC 27001:2013 internal audits of processes, policy, and systems for ISMS compliance.
- Perform SOC type I and II control tests of processes, documentation, and policy to support external assessments.
- Work with risk owners to review and aggregate risk assessments, recommend, and manage risk treatment plans.
- Increase awareness and alignment to the governance approach – engage all departments and teams
- Interface with regulators, auditors or clients requesting RFPs, inquiries, and security audit reviews.
- Track and correct issues identified during internal and external audits.
- Desirable: ISO/IEC 27001 Certified Internal Auditor and/or equivalent experience.
- Experience with ISO/IEC 22301 Business Continuity implementation/audits
- Experience in Information Technology, Security Analysis, Governance, Risk and Compliance
- Experience managing audits in Financial, Insurance or Regulatory industries.
- Experience working with Risk management frameworks.
- Experience working in IT teams and understanding of IT processes
- Understanding of vulnerabilities, threats, and risks at an organisational level.
- Knowledge related to cyber security governance, controls, and effective monitoring.
- Ability to work closely with auditors, regulators, and internal stakeholders and articulate technical concepts
- Fluent written and oral English communication skills
Any of the following would help you to stand out:
- Change management experience
- Organisational skills and attention to detail
- Project Management skills or qualifications.
- History of study or working in areas such as Risk Management, IT Security, Governance would be desirable.
- Experience within the finance sector.
- Experience building relationships and influencing at Leadership Team level.
- Willingness to learn, and to share knowledge.
- Genuine enthusiasm for Security and Governance.
- Positive, constructive, and open-minded attitude.
- A problem-solving mindset coupled with a strong sense of ownership and drive.
- Practical approach to managing time and workload, to ensure tasks are completed in a timely fashion.
- Ability to understand business processes and how they affect the security stance.
- Good documentation and communication skills to communicate with a global team.