IT Risk & Controls Analyst (Controls Testing)

Responsibilities

• Control Testing & Assurance
• Plan, document and execute control testing across the different technology functions, including Technology & Cyber, Data Governance & Quality, and Transformation / Change.
• Assess control design and operating effectiveness, clearly evidencing outcomes and identifying control gaps.
• Produce concise test reports, agree remediation actions with control owners, and track issues to closure.
• Coordinate testing schedules with the central Controls function and ensure consistency of methodology and documentation.
• Support continuous improvement of the Technology control environment, identifying opportunities for automation and maturity uplift.
• Risk & Issue Management
• Support the accurate logging, maintenance and quality assurance of risks and issues within AuditBoard (GRC tool).
• Monitor remediation activity, ensuring actions are tracked, evidenced and escalated where required.
• Support audit and regulatory engagement by ensuring risk and control artefacts are complete, current and defensible.
• Risk Reporting & Governance
• Contribute to monthly Technology risk reporting, including control testing results, risk profile movements, issue status and key themes.
• Support preparation of materials for CTO and Risk governance forums.
• Support RCSA cycles, risk assessments for new initiatives, and oversight of material change.
• Contribute to regulatory, audit and assurance interactions as required.
• Essential
• Experience in IT risk, technology controls, internal controls testing, or IT audit (First, Second, Third Line, or IT External Audit).
• Strong understanding of technology and cyber risk domains (e.g. access management, change management, IT operations, security, SDLC, incident management, data governance).
• Experience documenting and executing control tests, including evidence gathering and evaluation.
• Strong written skills, with the ability to produce clear, structured documentation and reports.
• Familiarity with GRC tooling (e.g. AuditBoard or equivalent).
• Good understanding of risk management principles within a regulated environment.
• Strong stakeholder engagement skills with the confidence to challenge constructively.
• Analytical mindset with strong attention to detail.
• Operate autonomously while maintaining alignment with team objectives.
• Desirable
• Experience within a UK regulated bank, financial services firm, or a Consultancy.
• Awareness of FRC (UK Corporate Governance Code)/PRA/FCA regulatory expectations, Operational Resilience, and SMCR.
• Knowledge of control frameworks (e.g. SOx, COBIT, ITIL, NIST, ISO 27001).
• Professional qualifications (or working towards) such as CISA, CRISC, CISSP, or equivalent.
• Experience supporting change / transformation risk oversight.
• Your Wellbeing - We take your health and well-being very seriously by providing a range of benefits to give you and your family peace of mind. These include:
• Market leading family friendly policies such as access to our Maternity, Adoption and Paternity policies from Day 1 of your employment
• Free access to Headspace, a mindfulness & meditation digital health app
• Free access to Peppy digital health app that offers personalised support through fertility treatment becoming a parent or menopause
• EAP (Employee Assistance Programme) - Offering you support on a wide range of subjects including financial concerns, mental wellbeing and more general queries around family, work, housing and health
• Cyc

Benefits

Additional Information

This role is critical in strengthening Shawbrook's first line technology control environment. By delivering robust control testing and effective risk management support, the IT Risk & Controls Analyst helps ensure that Technology and Cyber risks are understood, managed and reported appropriately, protecting the Bank, supporting regulatory compliance, and enabling safe and sustainable growth. The IT Risk & Controls Analyst supports the effective management of technology and cyber risk within the CTO function. The role is responsible for executing and documenting control testing across the different technology departments, including Technology & Cyber, Data Governance & Quality, and Transformation (Change), ensuring risks and issues are accurately recorded and tracked, and contributing to high-quality risk reporting. The individual will operate within the First Line of Defence, working collaboratively with Technology, Cyber Security, Data and Change teams, as well as the central Risk and Controls and Second Line Risk functions, to ensure Shawbrook maintains a strong and well-evidenced control environment aligned to regulatory expectations (PRA/FCA/FRC) and internal risk management standards. This is a fantastic opportunity to sit at the heart of Technology in a growing specialist bank and play a visible role in strengthening how we manage risk. As IT Risk & Controls Analyst, you will move beyond traditional controls testing to directly influence how Technology, Cyber, Data and Change departments operate safely and effectively at scale.

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at Shawbrook? Share your experience