Untitled 102 2

Senior IT Risk & Control Advisor


Senior IT Risk & Control Advisor

Dublin | Ireland

The IT@BOI Assurance function is responsible for providing independent assurance over the risk management activities performed by IT@BOI.

The Senior IT Risk and Control Advisor role, sittingwithin the Issue Management Assurance team, is responsible for conducting key assurance-related activities in order to provide independent assurance over IT issue management. `Issues` typically relate to control failures or deviations, self-identified issues, audit issues or regulatory issues and are deemed high priority for Management to address.

This role supports and reports into the Manager of the Issue Management Assurance team.

Key Responsibilities:

  • Providing robust oversight and assurance, monitoring and tracking of all issue types including self-identified, internal audit, external audit, financial reporting, control testing, regulatory and compliance in line with the BCF framework and methodology.
  • Providing day-to-day on-the-job coaching and mentoring of more junior staff members within the team including review of the work of more junior staff and providing feedback.
  • Increasing the profile of the Issue Management team withinIT@BOI Assurance and acting as a sound advisor on issue management for all IT-related issues through effective communication withIT@BOI issue owners/Senior Management etc.
  • Leading and facilitating issue workshops withIT@BOI issue owners/Senior Management in order to review and challenge the detail, status and action plans of high priority issues.
  • Advising issue owners on key aspects of issue recording, tracking and remediation under the BCF including issue type, issue wording, issue categorisation, causal categories, issue ratings and issue impact.
  • Guiding issue owners on the development of action plans related to issue remediation in line with the S.M.A.R.T. method and the Group requirements under the BCF methodology.
  • Conducting periodic quality assurance reviews of issue data (including action data) and oversight of key changes made by Management to this data, for example, changes in issues, issue ratings, issue type categories, action plan data etc. and providing quality feedback to issue owners in order to help improve data quality.
  • Leading/facilitating training in order to increase Management awareness of the methodologies in relation to issue management including supporting issue owners with their understanding of the issue management processes and the requirements for creation of new issues and their alignment to the appropriate process, risk, and/or control.
  • Supporting issue owners during the monthly issue review cycle to enable them to increase their awareness of the requirements of the cycle in terms of quality and details.
  • Supporting issue owners in embedding and operationalising the issue management process within their functional areas of responsibility through provision of regular support, feedback, training, oversight etc.
  • Supporting IT Leadership and issue owners with targeted issue assurance reviews from the second line of defence (Group Operational Risk).
  • Leading interactions with the wider IT and business Assurance team(s) and with the Divisional Assurance team to meet common Assurance goals and objectives.
  • Supporting Manager in order to maintain and build key relationships with the other lines of defence across first, second and third lines.

Essential Qualifications:

  • Strong knowledge of ITIL Foundation v3 (certification in ITIL Foundation v3 and/or in ISACA’s CISA and/or CRISC qualifications is advantageous)

Essential Skills & Experience :


  • 5 years or more experience relating to operational risk management or IT internal/external audit or IT risk management or IT controls or IT assurance.
  • Strong understanding of IT risk and control frameworks/methodologies and how these apply to management of the issues arising from these weaknesses.
  • Experience of operating and/or reviewing IT general controls (such as change management, logical access and IT operations).
  • Proven ability to perform quality assurance of issue data (and potentially risk and control data) and communicate/report on gaps or non-compliance with required methodology.
  • Strong knowledge of IT Process and Control Framework.


  • Strong understanding of IT risk management concepts.
  • Understanding of continuous improvement activities.
  • Significant attention to detail.
  • Proven ability to perform quality assurance (QA) and provide feedback.
Closing date: Jul 23, 2017

Thank you

What happens next?

You've seen your dream job, now what can you expect from the process?