IT Governance, Risk & Compliance Manager
Old Mutual
Job Description
Let's Write Africa's Story Together!
Old Mutual is a firm believer in the African opportunity and our diverse talent reflects this.
The IT Governance, Risk and Compliance (GRC) Manager will lead first-line IT GRC activities to ensure the organization’s technology risks are identified, assessed, treated, and monitored effectively. The role will establish and maintain practical governance frameworks that enable compliant, efficient, and accountable IT operations. The incumbent will manage first-line combined assurance activities by coordinating assurance coverage, validating control effectiveness, and supporting audit readiness. They will facilitate internal and external audits, ensuring timely response to findings and effective tracking to closure. The role includes managing and reporting on IT compliance obligations, deviations, and remediation progress. The position will continuously improve GRC processes and tools to increase maturity, transparency, and control assurance outcomes.
Responsibilities
IT Governance
Define, maintain, and operationalize IT governance practices aligned with organizational governance frameworks.
Support the implementation of relevant IT policies, standards, procedures, and control frameworks.
Ensure accountability and clarity of IT governance roles (e.g., control owners, process owners, evidence owners).
Monitor adherence to governance requirements and escalate breaches or persistent non-compliance.
IT Risk Management
Lead the first-line IT risk management process, including identification, assessment, treatment, and monitoring of IT risks.
Maintain the IT risk register and ensure risks are accurately described, scored, and owned by the appropriate accountable business and IT owners.
Support risk treatment planning (mitigation, acceptance, or transfer, where applicable) and ensure implementation is tracked to completion.
Establish risk reporting and governance rhythms (e.g., risk committees or steering sessions) and provide actionable insights to management.
IT Compliance
Ensure compliance with applicable regulatory, legal, contractual, and internal requirements impacting IT.
Coordinate compliance assessments and gap analyses, translating requirements into practical control expectations.
Maintain compliance trackers and obligation registers, including deadlines, evidence requirements, and status reporting.
Support management in handling exceptions, remediation plans, and required approvals.
First-line Combined Assurance
Plan, coordinate, and execute first-line combined assurance activities for IT controls and risk themes.
Validate control effectiveness through collaboration with control owners and process owners (evidence reviews, testing coordination, walkthroughs).
Ensure assurance coverage is risk-based, documented, and avoids duplication across assurance activities.
Provide assurance results and insights to management, highlighting material control gaps and recurring themes.
Facilitate audits and track issues
Act as the primary point of contact for first-line audit support relating to IT governance, risk, and compliance.
Coordinate audit requests, including evidence compilation, walkthroughs/interviews, and responses to audit queries.
Track audit findings and issues to closure, ensuring correct classification, root cause analysis, accountable ownership, and realistic remediation timelines.
Provide periodic reporting on audit status, key themes, and overdue items to relevant stakeholders.
Continuous Improvement
Continuously review and enhance GRC methodologies, templates, control libraries, workflows, and reporting dashboards.
Identify process improvement opportunities and implement enhancements to improve evidence quality, timeliness, and control assurance outcomes.
Stay current with evolving IT governance, risk, and compliance expectations and recommend improvements accordingly.
Team Management
Lead, coach, and develop a dedicated IT GRC team (where applicable), ensuring clear accountability for governance, risk, compliance, assurance, and audit support activities.
Assign and manage workloads, set priorities, and ensure team activities align with the annual GRC plan, risk appetite, and audit/compliance calendars.
Provide guidance and technical oversight to team members on risk assessments, control evaluations, compliance gap analyses, evidence standards, and issue remediation.
Manage relationships and working arrangements across cross-functional stakeholders, including escalation paths and communication protocols when risks or compliance breaches are identified.
Monitor team output and effectiveness through quality checks (evidence adequacy, completeness of risk/control documentation, and timeliness of reporting), and drive continuous improvement actions.
Qualifications
Degree or qualification in Information Technology, Information Systems, Risk/Compliance, Audit, or a related field.
Relevant professional qualification(s) in risk, compliance, audit, governance, or IT (e.g., CIA, CISA, CRISC, COBIT, ISO-related credentials, or equivalent).
Experience
Proven ability to lead and manage teams.
Proven experience in IT governance, risk management, and/or IT compliance within a regulated environment.
Experience performing or supporting IT audits, control testing, or assurance activities (internal and/or external audits).
Demonstrated ability to manage end-to-end remediation of audit findings and control gaps.
Strong exposure to first-line control ownership and evidence management practices.
Experience coordinating with multiple stakeholders (IT operations, engineering teams, security, internal audit, compliance, and management).
Familiarity with governance frameworks and risk/compliance operating models (e.g., risk registers, control frameworks, compliance obligation tracking).
Skills
Strong risk and control mindset, with the ability to translate requirements into practical control expectations.
Excellent stakeholder management and facilitation skills (e.g., workshops, walkthroughs, alignment sessions).
Strong analytical and problem-solving skills, including root cause analysis and remediation planning.
Competence in producing clear documentation, control and evidence standards, and auditable records.
Strong reporting skills, with the ability to deliver concise, executive-ready risk and compliance insights.
Ability to prioritize effectively and manage multiple workstreams simultaneously while meeting deadlines.
Proficiency in GRC tooling and/or risk and compliance tracking systems (or similar workflow systems).
Knowledge
Knowledge of IT governance and control concepts (e.g., access management, change management, incident and problem management, IT operations controls).
Understanding of common IT risk types (technology, operational, cyber-related where relevant, third-party/vendor, data/privacy, and availability risks).
Awareness of regulatory and internal compliance expectations relevant to financial services (specific regulations can be listed once confirmed).
Familiarity with audit processes and evidence standards, including how findings are classified and closed.
Working knowledge of security and risk concepts that commonly intersect with IT governance.
Skills
Contract Administration, Contract Management, Data Compilation, Financial Acumen, Information Retrieval, Information Technology (IT) Risk, Information Technology (IT) Risk Management, IT Compliance Management, Legal Communication, Negotiation, Network Optimization, Oral Communications, Remediation Plans, Report Review, Requirements Management, Risk Assessments, Supplier Management, User Experience (UX) Design
Competencies
Action Oriented, Business Insight, Collaborates, Communicates Effectively, Courage, Cultivates Innovation, Customer Focus, Decision Quality
Education
Bachelor of Commerce (BCom): Information Technology (Required), NQF Level 7 - Degree, Advanced Diploma or Postgraduate Certificate or equivalent
Closing Date
05 May 2026, 23:59
The appointment will be made from the designated group in line with the Employment Equity Plan of Old Mutual South Africa and the specific business unit in question.