Company Vision Our vision is to be valued as a digital, customer-focused, centre of excellence.

Transcription

1 Jb Descriptin Jb Title: Senir Infrmatin Gvernance Analyst Abut SLC Student Lans Cmpany is a nn-prfit making Gvernment-wned rganisatin set up in 1989 t prvide lans and grants t students in universities and clleges in the UK. We are respnsible fr student supprt delivery in the UK. Cmpany Missin We enable ur custmers t invest in their futures by delivering secure, accurate and efficient assessment, payment and repayment services. Cmpany Visin Our visin is t be valued as a digital, custmer-fcused, centre f excellence. Jb Details Overview f department: The Infrmatin Gvernance and Cmpliance Team s remit is three fld: Assure Supprt the business with guidance and independent validatin, taking a hlistic view f risk, t enable them t make infrmed risk management decisins Ensures SLC dcuments it apprach t risk assessment, assuring it is repeatable, cst effective, and cllabrative, invlving the business and technical leads and embedded int Prject Delivery Cmply Ensuring adherence t bth internal and external requirements Oversee maintenance f achieved certificatins Prvides an nging watching brief t ensure security risks cntinue t be managed within appetite and in line with business expectatins Educate Maintain management awareness and engagement with Security General security and infrmatin cmpliance awareness Targeted training fr key stakehlder grups Grade: 5 Reprting t: Infrmatin Gvernance and Cmpliance Manager Budget Respnsibility: 85k Line Management Respnsibility: Yes 4 staff 1

2 Jb Purpse: A Senir Infrmatin Gvernance Analyst in the Infrmatin Gvernance and Cmpliance Team, within Assurance Services. The remit f the team has expanded frm Infrmatin Security Gvernance t include wider Data Gvernance and Cmpliance. Leading a team f fur, liaise with clleagues frm acrss the Business including Operatinal staff, IT, Security, Crprate Services, risk and Internal Audit, as well as middle and senir management t ensure that SLC cmplies with external Legal and Regulatry requirements as well as Internal Plicies and Stakehlder requirements. Yu must be flexible with the ability t apply their knwledge acrss a number f well established and emerging standards / areas including, but nt limited t: ISO Payment Card Industry Data Security Standard (PCI-DSS) Data Prtectin - EU GDPR ISAE 3204 (Assurance Reprts n Cntrls at a Service Organizatin) Recrds Management Data Quality gvernance Public Services Netwrk (PSN) Cde f Cnnectin The rle hlder must have practical experience in relatin t at least tw f the standards / areas listed abve and the ability t apply their knwledge t thers. Yu must have excellent leadership and peple skills, integrity, a gd eye fr detail, with an ability t engage clleagues frm acrss the team and business, in rder t build trust and effective wrking relatinships in rder t supprt SLC s varius Cmpliance activities. Key respnsibilities: Audit Oversee the delivery f specified utcmes and/r prvides supprt services acrss a brad range f audit cntrls by wrking within established r implementing enhanced systems. Crdinates, and delivers peridic audits f bth business and IT cntrls t assess the effectiveness f cntrl peratin against cntrl definitin. Liaise with the Infrmatin Gvernance Officers t supprt audit activity. Cmpliance C-rdinate, prvide versight and cnduct cntrl effectiveness reviews highlighting shrtcmings and suggesting imprvements in current cmpliance prcesses, systems and prcedures and act as the escalatin pint fr all regular cmpliance activity. Liaise with the Infrmatin Gvernance Officers t supprt cmpliance activity. Data Management Lead team members in reviewing, designing new and maturing existing infrmatin management practices t fulfil business bjectives and maintain cmpliance with applicable Plicies, Standards and Regulatins. Recmmendatins Acts as the escalatin pint t prvide advice n cntrl apprpriateness, enhancement and prcess imprvement t achieve required prfessinal standard and desired utcmes. 2

3 Risk Management Perfrm risk assessments t understand the level, significance and scpe f risk frm nn-cmpliance with a required standard, reprting back t business functins n current risk and cmpliance perfrmance. Prvides supprt t direct reprts during mre difficult cnversatins. Reprt Preparatin Challenge and quality assure cmplex dcuments prduced by the team t ensure that they meet the standard expected and the bjective f the engagement. Acts as the fcal pint fr peratinal reprting acrss multiple areas f respnsibility. Supplier Management Primary cntact fr cmmercial relatinship f suppliers supprting the Infrmatin Gvernance and Cmpliance Team s activities and versees rutine engagements ensuring that utputs are f the standard expected. Cntract Management Delivers required utcmes by managing day-t-day relatinships with cntract service prviders and cmmercial services t implement any enhancements required. Wrk Scheduling / Allcatin Determines wn schedule f activity based n high level bjectives and assigns wrk t ther staff as needed in rder t meet peratinal delivery milestne and cntinuus imprvement initiatives. Perfrmance Management Self-aware f persnal perfrmance, always striving t imprve the service prvided t the business. Drives a cntinuus imprvement culture within team thrugh effective line management and caching t ensure that thers meet the standard required using the crprate perfrmance management system. Administratin Oversee delivery and perfrm varius general administrative duties, t ensure that SLC can effectively demnstrate cmpliance t an external party, including: Chair meetings and frums supprting cmpliance activity and as apprpriate prvide Secretariat Crdinate gathering f infrmatin and drafting respnses t supprt (regulatry) requests fr infrmatin Ensure that dcumentary evidence is maintained fr crprate memry f all activities relating t Infrmatin Risk Management and cmpliance activities. Knwledge, Skills and Experience: Technical Skills Audit Crdinates and allcates wrk t deliver peridic audits f bth business and IT cntrls t assess their peratinal effectiveness against a cntrl definitin, and prvides quality assurance f utputs. Cmpliance Supervises clleagues delivering cmpliance activity and prvides technical guidance when required n achieving full cmpliance with applicable rules and regulatins in management and/r peratins. Risk Management Act as the escalatin pint fr clleagues that identify, assess, priritise and manage risks in a prductin prcess and prvides technical guidance when required. Data Management Act as an escalatin pint and prvides technical guidance when required n 3

4 acquiring, rganising, prtecting and prcessing data t fulfil business bjectives and maintain cmpliance with required standards. Plicy and Regulatin Prvides technical guidance and prvides clear directin when required n interpreting and applying knwledge f Data Gvernance related laws, regulatins and plicies acrss a brad range f areas. Actin Planning Prvides supprt t clleagues when technical guidance is required while develping apprpriate plans r perfrming necessary actins based n recmmendatins and requirements. Review and Reprting Prvides technical guidance when required n reviewing and creating relevant and effective reprts and cmbines/summarises fr stakehlder reprts. Verbal Cmmunicatin Is cnfident representing the functin at management frums, uses effective verbal cmmunicatins skills and prvides guidance t direct reprts when required n expressing ideas, requesting actins and frmulating plans r plicies. Behaviur Skills Attentin t Detail Manages, tracks and attends t multiple artefacts being delivered individually and by the team. Specifically, checks wn wrk and that f staff, prviding feedback t reduce future effrt. Apprach t Thinking Thinks thrugh situatins f varying degrees f cmplexity and ambiguity, in rder t understand them clearly. Specifically, sees cmplex relatinships; fr example, identifying cause and effect, synergies and interrelated dependencies acrss seemingly separate pieces f wrk. Self-Cnfidence Functins independently and with cnfidence in challenging situatins. Cmfrtable intervening in difficult situatins via escalatin, typically with senir members f staff, ensuring the rganisatin fllws the right path, rather than that f least resistance. Escalatin Understands when it is apprpriate t act and highlight r escalate areas f cncern t the apprpriate Senir Manager in a timely manner. Understanding Others Takes an active interest in ther peple. Seeks t understand their individual perspectives and cncerns and accurately hears the unspken r partly expressed thughts, feelings and cncerns f thers. Specifically, actively listens; fr example, repeating what was heard t check understanding, particularly in difficult cnversatins. Cllabrative Influence Wins the hearts and minds f thers acrss bundary cllabratins and t d the right thing, regardless f frmal authrity. Specifically, invites individual cperatin; fr example, inviting the sharing f alternative slutins r viewpints. Earning Trust Acts cnsistently in a trustwrthy manner. Earning trust includes, when necessary, taking persnal r career risks t act in a way that is cnsistent with ne s wn values. It generally prduces a reputatin fr ethics, integrity and credibility. Specifically, acts n values; fr example, acting n values when it is difficult t d s. (e.g. Delaying a g live by invking escalatin t the relevant business authrity when key Gvernance r Cmpliance artefacts have nt been delivered r prcesses circumvented t the detriment f business bjectives r risk appetite). 4

5 Educatin & Experience Line management experience Experienced practitiner able t lead thers and wrk unsupervised: Relevant Risk / Infrmatin Management, Cmpliance r Regulatry experience in a business facing rle Brad knwledge f relevant Cmpliance and Regulatry requirements (utlined abve) Specialist knwledge and practical experience in at least tw f the areas (utlined abve) Experience and understanding f risk management Educated t Degree level r equivalent experience gained in Industry r Gvernment Relevant Industry recgnised qualificatin r prfessinal certificatin Additinal Infrmatin Security clearance t SC Level r the ability t achieve this clearance 5