This job is to monitor IT systems to ensure they follow policies and practices. The role holder must evaluate technology, identify controls, and keep thorough records. In addition, the role implements policies and day-to-day functions related to business continuity, disaster recovery management, compliance management/internal controls, risk management, ethics management, and internal and external audits. This position is newly created in our London office.


  • Participate in the development of the annual IT Risk & Governance design 
  • Coordinate, execute and manage the planning, testing and reporting phases for multiple concurrent IT audits 
  • Design, review and approve tests that identify control weaknesses, and provide strategic recommendations to enhance business operations 
  • Present findings to senior management and negotiate suggested action plans 
  • Participate in special projects or other duties as required
  • Participate in a primary capacity in supporting compliance and regulatory activities, including, but not limited to: PCI, SSAE16, Regulatory, Sarbanes-Oxley (SOX 404), ISO27001/9001
  • Work collaboratively with various technical teams in the design and implementation of audit, regulatory, and compliance practices for information security 
  • Manage the ongoing effectiveness of information security controls (automated, manual, and needing development), working with a variety of control owners within the Information Security and Technology organizations, and evaluating control design and standards in a variety of program areas
  • Develop data points into information security and risk management reporting activities, including dashboards, metrics, and executive reporting content 
  • Advise senior and executive management on the status of technology risk and compliance controls based on assessment results and information from various monitoring and control systems 
  • Manage industry certifications for operations 
  • Administer, develop, and implement policies and procedures for providing recovery of FM London services
  • Design, implement and maintain redundant systems, policies and procedures for disaster recovery, data archiving and security to ensure effective protection and integrity of data assets 
  • Conduct research and make recommendations on products, services, protocols and standards in support of procurement and development efforts
  • Develop, implement and maintain change control and testing processes for service, application and infrastructure modifications 
  • Establish appropriate end-user access controls and best practices, and perform transaction and security audits
  • Maintain and increase personal knowledge of the FML solutions and services to enable the better execution of the role
  • Deliver staff training and education in the areas of security, BCP, DR and best practice


  • BA, BS or MBA Degree
  • Relevant, industry recognized security certification
  • Knowledge of SOX 404, SSAE16, AML, ISO27001/2, FFIEC, BCP and COBIT relevant frameworks
  • Strong understanding of current regulatory expectations for financial services organizations
  • Experience using RSA-Archer application
  • CISA, BCP, ITIL, BSE, PMP/Prince2, Agile, BS 25999 standards, RESILIA, CISSP or other relevant certification preferred
  • Excellent project management skills
  • Familiarity with infrastructure, networking, security and software development processes