Audit & Risk Lead – London About finova finova is the UK's largest cloud-based mortgages and savings software provider, supporting over 60 leading lenders, 3000 mortgage brokers and 200 financial institutions.
Our suite of award-winning software includes a Core Banking Platform, Broker Platform and finova Connect, a range of solutions that connect lenders, intermediaries and consumers.
We want to be the leading software fintech provider with SaaS delivery and the best security solutions.
GRC, Audit and Security are a large focus for finova as we step into the next level of maturity as an organisation.
This role will assist a GRCS function in its infancy to mature our GRCS levels across the business.
Role Overview: This role is accountable to the Head of Risk & Compliance, and ultimately the COO.
As the Audit & Risk Lead within the R&C function, you will play a crucial role in ensuring the delivery of compliance, security, and governance within our solutions offered to clients in Azure & AWS cloud-hosted estates.
Responsibilities: Assess and implement compliance measures in line with the R&C control framework.
Audit and review control sets internally of the product in line with our control framework and ISO certification.
Manage client audits on the products as part of the wider Client Governance Schedule.
Work alongside the wider risk team to implement and further embed risk management.
About you: • Extensive recent experience in auditing is essential as well as managing compliance and governance (preferably for fintech software companies in the financial services sector).
• Bachelor's degree in computer science, Information Security, Business Management, or a related field.
• Knowledge of DevOps development cycles and secure development is an advantage.
• In-depth knowledge of SS2/21 material outsourcing, FCA & PRA regulations, NIST, and ISO, with a proven track record of implementing and maintaining compliance & control frameworks.
• Experience with Azure/AWS cloud services and Azure DevOps Boards and security practices related to cloud-hosted estates is desired.
• The ability to work with multiple different L1 departments both in software development and servicing, and partnering with the wider risk team is essential.
What will you be doing?
Auditing: Pre-audit ISO27001 control cycle before the certification.
Plan and perform internal auditing on products and key risk areas.
Manage Client Audit Schedule planned in advance annually partnering with the account managers.
Engage with clients to perform their audits, identify gaps and work with stakeholders to provide management responses.
Risk Framework: Embed risk and compliance frameworks within product servicing to ensure regulatory and contractual compliance.
Lead efforts to implement control remediations, policies, and procedures within product servicing aligned with our framework.
Client engagement: Work with the Senior Risk Analyst on the overall Client Governance schedule covering annual due diligences and audits.
Develop a relationship with the customer as a trusted advisor and contact point, providing insights and recommendations on best practices and compliance approaches.
Governance, Reporting & Collaboration: Support monthly & quarterly reporting on risk and implementation plans relating to risk management as part of the R&C function.
Collaborate with other senior leaders within finova to integrate compliance and security measures into product development and service delivery.
What will you get from joining the finova family?
Flexible Working: 25 days holiday in each calendar year plus bank holidays.
Work from anywhere in the world for up to 4 weeks a year.
We offer a flexible hybrid working policy.
Looking After You: Life Assurance, Group Income Protection and Private Medical Insurance.
Pension scheme via Salary Exchange.
Equal Opportunity Statement: Diverse teams really are the best teams, we promote a working environment in which diversity is recognised, valued and encouraged.
#J-18808-Ljbffr