Senior Governance Analyst, IT

Job Details

permanent
London, London, United Kingdom
Markel International Services
18.03.2024

Full Job Description

Looking for a role within IT Governance, Risk and Compliance?

We are looking for a Senior IT Governance Analyst who will serve in a lead capacity to ensure all major Global IT processes and system controls are designed effectively, support clarity and enable continuous improvement.

What part will you play? If you’re looking for a place where you can make a meaningful difference, you’ve found it. The work we do at Markel gives people the confidence to move forward and seize opportunities, and you’ll find your fit amongst our global community of optimists and problem-solvers. We’re always pushing each other to go further because we believe that when we realize our potential, we can help others reach theirs.

Join us and play your part in something special!

The opportunity:

The IT GRC team acts as a Line 1 Risk Defence team, supporting IT service owners and IT leadership around the world. The IT GRC team also routinely interacts with Enterprise Risk Management, Internal Audit, and Global Security.

This position will be responsible for helping to advance the IT GRC framework and procedures to assist IT in maintaining an effective control environment, and to continue to build a risk-minded culture. The evidence of this will be measurable results showing improvement in the overall quality of operational effectiveness through repeatable and measurable processes, and improved IT staff awareness and expertise of their risk and control environment.

What you’ll be doing:

Risk Assessment and Management:

  • Perform risk assessments according to the IT GRC plan and procedures. This requires being willing to ask provocative questions and use analytical skill to analyse potential residual risk

  • Provide project risk guidance to ensure projects have considered applicable risks. Assist project and support teams in identifying, implementing, and documenting internal controls to support new services as part of go-live readiness

  • Implement ad-hoc risk analysis on urgent areas of concern. This often requires working across multiple areas within the company to evaluate the risk, root-cause, and potential solutions

  • Uses consistent processes for identifying potential risk events, quantifying and documenting the probability of occurrence and the impact on the business

  • Collects and collates evidence as part of a formally conducted and planned review of activities, processes, products or services. Examines records as part of specified testing strategies for evidence of compliance with management directives, or the identification of abnormal occurrences

  • Refers to domain authorities for guidance on niche areas of risk, such as architecture and environment

  • Coordinates the development of countermeasures and contingency plans

Quality Management and Audit:

  • Advises on the application of appropriate quality management techniques and standards

  • Ensures that projects, teams and functions have appropriate practices in place and are meeting required interpersonal quality levels

  • Identifies areas where existing processes should change by analysing audit findings

  • Takes ownership for controlling, updating and distributing interpersonal standards

  • Facilitates improvements to processes by changing approaches and working practices typically using recognised models

  • Provides advice and guidance in the use of interpersonal standards. Performs quality assurance reviews of suppliers and throughout the supply chain

  • Conducts formal audits or reviews to ensure compliance with interpersonal standards for activities, processes, data, products or services

  • Leverages experience to drive improvements to the overall quality of operational effectiveness through repeatable, measurable processes

Governance Processes and Reporting:

  • Provides guidance and suggestions for improved governance processes to achieve strategic operational objectives

  • For projects, development or support activities, plans, organises and conducts audits and determines whether appropriate quality control has been applied

  • Assists in the development of new or improved practices and organisational processes or standards. Facilitates localised improvements to the quality of systems or services

  • Develop or enhance policies and related procedures for evaluating risk, establishing, and maintaining an effective system of internal control

  • Collates, collects and examines records, analyses the evidence and drafts all or part of formal compliance reports

  • Resolves risks associated with findings and non-compliance and proposes corrective actions

  • Assist in the creation of reporting dashboards by producing metrics and key risk indicators data

  • Help maintain our risk and control inventory within the AuditBoard tool

  • Maintain knowledge of industry regulations and risk standard process

Information and Records Management:

  • Ensures implementation of information and records management policies and standard practice

  • Ensures effective controls are in place for internal delegation, audit and control relating to information and records management

  • Assesses and manages risks around the use of information

  • Provides reports on the consolidated status of information controls to advise effective decision making

  • Recommends remediation actions as the need arises

  • Ensures that information is presented optimally

Partnership and Support:

  • Partners with IT Service Owners to improve awareness and expertise of their risk and control environments

  • Provide audit support for IT Service Owners and act as a centralised point of contact for Internal and External audit requests

  • Conducts formal reviews of activities, processes, products or services

  • Collects, collates and examines records as part of specified testing strategies for evidence of compliance with management directives, or the identification of abnormal occurrences

  • Analyses evidence collated and drafts part or all of formal reports commenting on the conformance found to exist in the reviewed part of an information systems environment

  • Assist with special projects relating to other initiatives as assigned

  • Partners with and provides expertise to other related governance functions within Markel, such as Global Security Services, Service Management, Internal Audit and Enterprise Risk Management to ensure key internal controls are in place and operating as intended

  • Build, develop, and maintain strong business relationships with business and technology partners

Our must-haves:

  • Experience with IT audit concepts, risk/control evaluation, process analysis, audit opinion preparation, audit research, and process testing

  • Prior experience in IT GRC, Risk Management, IT Audit (preferably Big 4 Audit firm experience), or Security

  • Experience with COBIT, ITIL, NIST, Secure Control Frameworks is preferred

  • Experience in AuditBoard and/or other GRC tools preferred

  • Experience establishing relationships and being seen as a trusted partner to IT and business partners

  • Prior experience in vendor management risk analysis and governance

  • Willing to voice opinions and offer proposed solutions

  • Comfortable working in a matrixed environment and leading challenging priorities

  • Insurance industry background preferred

  • A phenomenal communicator who is able to articulate governance issues in plain language based on audience

  • Delivery of high-quality presentations

  • Strong organisation and time management skills

  • Strong analytical and problem-solving skills

  • Strong teammate

  • Flexibility and attention to detail

  • Strong desire for continuous improvement

  • The ability to influence without authority

  • Intermediate skills in Microsoft Office products (Excel, Outlook, Visio, Word)

One or more of the following certifications:

  • Certified Public Accountant (CPA), Certified Information Systems Auditor (CISA), Certified Risk Information System Control (CRISC), Certified Information Systems Manager (CISM), or Certified Information Systems Security Professional (CISSP)

  • Certification in IT and business governance frameworks such as COBIT, ITIL, NIST, Secure Control Frameworks a plus

  • Required - Bachelor’s degree or equivalent experience in Business Management, Accounting, Computer Science, Information Systems, other related field or military experience

  • Preferred - Master’s degree or equivalent experience in Information Systems or Business Administration

Who we are:

Markel Group (NYSE – MKL), a Fortune 500 company with over 60 offices in 20+ countries, is a holding company for insurance, reinsurance, specialist advisory, and investment operations around the world.

We’re all about people | We win together | We strive for better | We enjoy the everyday | We think further

What’s in it for you?

  • A great starting salary plus annual bonus & strong benefits package…

  • 25 days paid holiday plus Bank Holidays, with the opportunity to buy/sell extra leave

  • Fantastic company pension scheme, private medical and dental cover, life assurance, travel insurance cover, income protection, season ticket loan as well as other great benefits on offer

  • There are countless opportunities to learn new skills and develop in your career and we can provide the support needed to do just that!

Are you ready to play your part?

Choose ‘Apply Now’ to fill out our short application, so that we can find out more about you.

Markel celebrates the value of a diverse workforce that brings experience and expertise from a wide variety of backgrounds and life circumstances. Whatever your background, if you feel you meet the requirements of this role then we want to hear from you. We are also happy to consider candidates who are looking for flexible working patterns.

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, colour, national origin, sex, gender, gender expression, sexual orientation, age, marital status, veteran status, or disability status.

We will ensure that individuals with disabilities are provided with all reasonable accommodations to be able to participate in the job application or interview process and to perform essential job functions if successful. Please contact us via email at   or call us at 0161 507 5827 to request any accommodations that may be needed. This includes any alternative formats of any documents or information on how to apply offline.