
Governance, Risk & Compliance Lead, Identity & Access Management (GRCIAM)

Job details
Date advertised: 11 November 2025
Hours: Full Time
Closing date: 11 December 2025
Location: Edinburgh, EH12 1HQ
Company: NatWest Group
Job type: Permanent
Job reference: R-00268069


Summary

Join us as a Governance, Risk & Compliance Lead, Identity & Access Management

  • This role will see you applying effective controls and risk management thinking in an IT environment, anticipating and assessing the potential impact of risk across the bank
  • You’ll manage and oversee Identity and Access Management (IAM) controls, while supporting the identification and assessment of material IT risks, and in determining their position relative to agreed appetites
  • Collaborating with senior stakeholders across the function, you’ll drive forward the development and delivery of remedial action plans where identified risks are considered out of appetite

What you'll do

As a Governance, Risk & Compliance Lead, you’ll be responsible for leading and owning the effectiveness of the IAM controls environment. Demonstrating risk leadership and advocacy, you’ll support a culture of proactive and pre-emptive risk management and continuous improvement, and you’ll lead the controls design and management for Security Services.

You’ll be quantifying risk in terms of financial impact, reputation, operational disruption and regulatory impact, as well as interpreting security metrics and developing reporting to leadership in a clear and actionable way. As well as taking ownership of control outcomes for Security Services, we’ll look to you to manage and articulate risk, and design and assess controls to mitigate identified risks.

You’ll also:

  • Lead the Security Services Controls environment, making sure all controls are adequate and effective and that management action plans for the technology platform findings are executed, ensuring the achievement of operational risk objectives
  • Support the creation of management action plans along with papers for the Risk Committees, demonstrating an understanding and articulation of our Risk and Risk Management processes
  • Follow up on Management Action Plans, demonstrating stakeholder management and influencing skills
  • Lead reporting on controls, issues, test schedules, and outcomes
  • Take ownership for building and maintaining a network of key contacts and influencers, acting as the primary interface for internal and external audit
  • Conduct annual process and control assessments
  • Provide thought leadership for controls design and management for the IAM and Privileged Access Management transformations and Microsoft Identity Manager Service uplift

The skills you'll need

We’re looking for an experienced GRC professional with the ability to quantify risk in terms of financial impact, reputation, operational disruption, and regulatory impact. You’ll be a trusted controls expert who can collaborate with our Risk, Audit and Controls colleagues to ensure the IAM controls in Security Services are robust, evidenceable and stand up to rigorous testing. You’ll also have knowledge of internal and external audit processes and experience of preparing responses to auditors from internal and external audit teams.

Additionally, you’ll have a deep understanding of managing and articulating risk, and the ability to design, implement, and assess internal controls to ensure compliance with regulatory and internal standards. We’ll expect you to have good data analysis skills and regulatory and framework knowledge, such as ISO/IEC 27000, NIST, Sarbanes-Oxley and PCI DSS. Along with excellent collaboration, communication and relationship-building skills, you’ll have meticulous attention to detail for policy, standards and compliance. Certifications such as CRISC, CISA, CGRC or CISM are desirable.

In addition to this, you’ll demonstrate the ability to:

  • Design and assess controls to mitigate identified risks
  • See through the delivery of management action plans to remediate inadequate or ineffective controls
  • Interpret metrics and report to leadership in a clear and actionable way
  • Take ownership of control outcomes for Security Services
  • Manage stakeholders and management action plans from groups outside of Security, closing action plans and bringing inadequate or ineffective controls back to adequate and effective
  • Explain complex risks, governance policies and compliance requirements to non-technical stakeholders
