IT Risk and Controls Analyst

Company Description

Shawbrook is a specialist bank driven by a purpose to power up ingenuity to create opportunity, every single day.              

We offer a diverse range of savings and loan products. From personal and business savings accounts and loans for wedding and new cars, to complex financial credit facilities for businesses requiring significant investment and mortgages for landlords with multiple properties – no two customers are ever the same.      

We give our customers the best-of-both worlds; uniquely combining strong digital capabilities with human expertise and ingenuity to deliver the best outcomes. We rise to the challenge of a complex case or unconventional circumstances, and we love to make things happen. By being creative, practical, and personal, we know we can always find the right solution for our customers. 

The role 

This role is critical in strengthening Shawbrook’s first line technology control environment.  By delivering robust control testing and effective risk management support, the IT Risk & Controls Analyst helps ensure that Technology and Cyber risks are understood, managed and reported appropriately, protecting the Bank, supporting regulatory compliance, and enabling safe and sustainable growth. 

The IT Risk & Controls Analyst supports the effective management of technology and cyber risk within the CTO function. The role is responsible for executing and documenting control testing across Technology & Cyber, Data Governance & Quality, and Transformation (Change), ensuring risks and issues are accurately recorded and tracked, and contributing to high-quality risk reporting. 

The individual will operate within the First Line of Defence, working collaboratively with Technology, Cyber Security, Data and Change teams, as well as the central Risk and Controls and Second Line Risk functions, to ensure Shawbrook maintains a strong and well-evidenced control environment aligned to regulatory expectations (PRA/FCA) and internal risk management standards. 

This is a fantastic opportunity to sit at the heart of Technology in a growing specialist bank and play a visible role in strengthening how we manage risk. As IT Risk & Controls Analyst, you won’t just be “testing controls”, you’ll be influencing how Technology, Cyber, Data and Change operate safely and effectively at scale. 

Job Description

Key Role Responsibilities  

Control Testing & Assurance 

• Plan, document and execute control testing across Technology & Cyber, Data Governance & Quality, and Transformation / Change domains. 

• Assess control design and operating effectiveness, clearly evidencing outcomes and identifying control gaps. 

• Produce concise test reports, agree remediation actions with control owners, and track issues to closure. 

• Coordinate testing schedules with the central Controls function and ensure consistency of methodology and documentation. 

• Support continuous improvement of the Technology control environment, identifying opportunities for automation and maturity uplift. 

Risk & Issue Management 

• Support the accurate logging, maintenance and quality assurance of risks and issues within AuditBoard (GRC tool). 

• Monitor remediation activity, ensuring actions are tracked, evidenced and escalated where required. 

• Support audit and regulatory engagement by ensuring risk and control artefacts are complete, current and defensible. 

Risk Reporting & Governance 

• Contribute to monthly Technology risk reporting, including control testing results, risk profile movements, issue status and key themes. 

• Support preparation of materials for CTO and Risk governance forums. 

• Support RCSA cycles, risk assessments for new initiatives, and oversight of material change. 

• Contribute to regulatory, audit and assurance interactions as required. 

Skills & Experience 

Essential 

• Experience in IT risk, technology controls, internal controls testing, or IT audit (First, Second or Third Line). 

• Understanding of technology and cyber risk domains (e.g. access management, change management, SDLC, incident management, data governance). 

• Experience documenting and executing control tests, including evidence gathering and evaluation. 

• Strong written skills, with the ability to produce clear, structured documentation and reports. 

• Familiarity with GRC tooling (e.g. AuditBoard or equivalent). 

• Good understanding of risk management principles within a regulated financial services environment. 

• Strong stakeholder engagement skills with the confidence to challenge constructively. 

• Analytical mindset with strong attention to detail.  

Desirable 

• Experience within a UK regulated bank or financial services firm. 

• Awareness of PRA/FCA regulatory expectations, Operational Resilience, and SMCR. 

• Knowledge of control frameworks (e.g. COBIT, ITIL, NIST, ISO 27001). 

• Professional qualifications (or working towards) such as CISA, CRISC, CISSP, or equivalent. 

• Experience supporting change / transformation risk oversight.  

Qualifications

Education/Professional Qualifications 

Shawbrook is committed to providing opportunities to all candidates, and understand that not all candidates may possess a qualification or education aligned to the role. We will assess each candidate on their individual experience and skills, and not solely on level of education. 

Key attributes 

• Ownership & Accountability – Takes responsibility for delivering high-quality outputs and meeting deadlines. 

• Constructive Challenge – Able to question control design and effectiveness in a professional and evidence-based manner. 

• Collaboration – Works effectively across Technology, Risk and Change teams. 

• Continuous Improvement – Proactively identifies opportunities to strengthen the control environment. 

• Integrity & Professional Judgement – Demonstrates sound judgement in assessing risk and control effectiveness. 

Additional Information

Reward:

Your Wellbeing - We take your health and well-being very seriously by providing a range of benefits to give you and your family peace of mind. These include:

• Market leading family friendly policies such as access to our Maternity, Adoption and Paternity policies from Day 1 of your employment
• Free access to Headspace, a mindfulness & meditation digital health app
• Free access to Peppy digital health app that offers personalised support through fertility treatment becoming a parent or menopause
• EAP (Employee Assistance Programme) - Offering you support on a wide range of subjects including financial concerns, mental wellbeing and more general queries around family, work, housing and health
• Cycle to work scheme
• Discounts on gym membership
• Contributory pension scheme & death in service

Your Lifestyle - It’s important you strike the right balance between your work and personal life. We provide benefits to support you when at work and when you’re enjoying your leisure time.

• Minimum of 25 days holiday per year
• Option to buy or sell holiday days through our flexi-holiday scheme
• Discounts on gym membership nationwide
• Access to discounts on a range of high street and online brands
• Community support and charitable giving

Your Contribution - We’re focused on rewarding those that go the extra mile in helping us achieve our goals.

• Participation in our annual discretionary bonus scheme designed to reward your contribution to our success
• Proudly Shawbrook recognition scheme focused on recognising our role models and thanking our colleagues for a job well done