Bupa Logo

Bupa

IT Risk & Control Testing Analyst

Job Posted 9 Days Ago Posted 9 Days Ago
Be an Early Applicant
3 Locations
Mid level
3 Locations
Mid level
The IT Risk & Control Testing Analyst tests IT controls across business applications, focusing on risk-based assessments, audits, and remediation documentation.
The summary above was generated by AI

Job Description:

IT Risk & Control Testing Analyst

Flexible on Location London – EC2R 7HJ, Staines - TW18 3DZ, Manchester – M50 3SP

Hybrid (3 to 4 days working from home)

Permanent

£39,500 - £49,500 plus fantastic benefits

Full time – 37.5 hrs

We make health happen

At Bupa, we’re passionate about technology. With colleagues, customers, patients and residents in mind you’ll have the opportunity to work on innovative projects and make a real impact on their lives.

Right from the start you’ll become part of our digital strategy, joining us on our journey and developing yourself along the way.

The IT Risk and Controls Testing Analyst will be part of a team of four working under the guidance of IT Risk and Control Assurance Manager with the primary purpose of testing the IT controls that are applied to business applications and to the processes, services and infrastructure that support them.  

The Testing Analyst will cover all types of Information Technology (IT) and Information Security (IS) controls, and taking a risk-based approach will test the set of controls. This includes controls related to cyber security (modelled on the NIST, ISO, CIS-20 & CCM frameworks) as well as general IT controls aligned to the COBIT and ITIL frameworks.

You’ll help us make health happen by:

  • Collaborate with a team of testing colleagues to perform Risk based control testing.

  • Execute the control testing activities in line with the guidance provided by the IT Risk and Control Assurance Managers and IT Risk and Control Testing Specialists

  • Facilitate risk and control self-assessments.

  • Provide “audit quality” independent testing documentation of IT processes and controls

  • Track the remediation of any defects identified by the RCSA process.

  • Support the IT Risk & Control Assurance Managers and IT Risk & Control Testing Specialists in ad hoc deep-dive reviews of IT processes and controls, specifically where repeated incidents have occurred

  • Document and report control deficiencies and capture recommended improvements to process and control design and operation.

  • Conduct onsite or desk-based control assessments of third parties during the onboarding or tender process under the guidance of the IT Risk & Control Assurance Managers and IT Risk & Control Testing Specialists

  • Build a trusted relationship with IT Risk Process and IT Control owners.

  • Work with the Process and Control owners to improve Processes and Controls

Key Skills / Qualifications needed for this role:

  • Formal training and hands-on experience of designing, operating or auditing IT Controls.

  • Experience of IT in a regulated financial services company would be useful but is not essential

  • Experience in auditing cloud service and deployment models would be useful but not essential

  • Demonstrable experience in Information Technology audits or IT Assurance (e.g. CISSP, CISM, CISA, CRISC, CCAK)

  • A sound understanding of British and International Security Standards (e.g. ISO/IEC 27001, ISO/IEC 27002, NIST, CIS-20, PCIDSS) and the UK regulatory environment (e.g. ICO, FCA, PRA and CQC).

  • Strong interpersonal, communication and influencing skills with the confidence and ability to operate effectively at all levels including third parties and external customers

  • Professional experience in carrying out IT control reviews in a 1s, 2nd or 3rd line of defence position

  • Ability to work under pressure maintaining tight deadlines, high concentration levels and keeping up with workflow requirements

Benefits

Our benefits are designed to make health happen for our people. Viva is our global wellbeing programme and includes all aspects of our health – from mental and physical, to financial, social and environmental wellbeing. We support flexible working and have a range of family friendly benefits.

Joining Bupa in this role you will receive the following benefits and more:

  • 25 days holiday, increasing through length of service, with option to buy or sell

  • Bupa health insurance as a benefit in kind

  • An enhanced pension plan and life insurance

  • Annual performance-based bonus

  • Onsite gyms or local discounts where no onsite gym available

  • Various other benefits and online discounts

Why Bupa?

We’re a health insurer and provider. With no shareholders, our customers are our focus. Our people are all driven by the same purpose – helping people live longer, healthier, happier lives and making a better world. We make health happen by being brave, caring and responsible in everything we do.

We encourage all of our people to “Be you at Bupa”, we champion diversity, and we understand the importance of our people representing the communities and customers we serve.  That’s why we especially encourage applications from people with diverse backgrounds and experiences.

As a Disability Confident employer, we offer a guaranteed interview for every disabled applicant who meets the minimum criteria for the job. We’ll make sure you are treated fairly and offer reasonable adjustments as part of our recruitment process to anyone that needs them.

If you would like more information on the role, require an alternative format, or would like to discuss other opportunities suited to your skills and experience, please contact the Recruiter

#LI-SB1

Time Type:

Full time

Job Area:

Legal, Risk & Audit

Locations:

Angel Court, London, Bupa Place, Staines - Willow House

Top Skills

Cis-20
Cobit
Cyber Security Frameworks
Iso/Iec 27001
Iso/Iec 27002
Itil
Nist

Bupa Manchester, England Office

Bupa Place, 102 The Quays, Manchester, United Kingdom, M50 3SP

Similar Jobs

An Hour Ago
Hybrid
London, Greater London, England, GBR
Senior level
Senior level
Artificial Intelligence • Cloud • Information Technology • Legal Tech • Productivity • Software
As a Principal Information Security GRC Analyst, you will lead a security team, manage compliance efforts, mentor junior analysts, and develop security documentation and training programs.
Top Skills: Cloud ComputingCsa StarIso 27001Nist 800-XxSoc 2
An Hour Ago
Hybrid
London, Greater London, England, GBR
Junior
Junior
Productivity • Sales • Software
As a Technical Support Engineer, you'll troubleshoot complex cases, manage customer interactions, investigate issues, and collaborate with teams to resolve problems efficiently.
Top Skills: Chrome Dev ToolsGraphql ApiRest Apis
Yesterday
Hybrid
London, Greater London, England, GBR
Senior level
Senior level
Financial Services
As a Lead Cybersecurity Architect, lead complex projects, design and implement security solutions for acquisitions, conduct risk assessments, and foster relationships with stakeholders.
Top Skills: AWSAzureCcspCismCisspGiacGCPOscp

What you need to know about the Manchester Tech Scene

Home to a £5 billion digital ecosystem, including MediaCity, which consists of major players like the BBC, ITV and Ericsson, Manchester is one of the U.K.'s top digital tech hubs, at the forefront of advancements in film, television and emerging sectors like as e-sports, while also fostering a community of professionals dedicated to pushing creative and technological boundaries.
By clicking Apply you agree to share your profile information with the hiring company.

Sign up now Access later

Create Free Account

Please log in or sign up to report this job.

Create Free Account