Audit & Risk Lead – London
About finova
finova is the UK’s largest cloud-based mortgages and savings software provider, supporting over 60 leading lenders, 3000 mortgage brokers and 200 financial institutions. Our suite of award-winning software includes a Core Banking Platform, Broker Platform and finova Connect, a range of solutions that connect lenders, intermediaries and consumers. Fast implementation and open architecture are at the centre of our technology, giving our customers the flexibility to integrate into their existing systems or configure solutions to meet the needs of their business. We specialise in offering cutting-edge fintech software to empower our clients with advanced tools and capabilities to stay competitive. As we expand our offerings and client base, we seek a highly skilled and experienced Managed Service, Security & Compliance Director to join our team.
Core Banking Platform
finova’s Core Banking Platform includes the UK market-leading cloud-based origination software and integrated in-life servicing software. The platform supports mortgages, equity release, specialist lending and savings. Over £75 billion has been originated through the system by our customers, and over £27 billion of loans and savings are managed through the servicing platform.
The platform is designed for fast implementation and facilitates day-to-day banking operations. Utilising the latest technology, the API-led platform seamlessly integrates with over 20 third-party applications, enabling financial institutions to self-configure the platform effortlessly and efficiently to meet the rapidly changing demands of the market.
We want to be the leading software fintech provider with SaaS delivery and the best security solutions and alignment to the above standards, the ‘Go To’ in the market for startups and established organisations looking to take the next step in their technology adoption.
GRC, Audit and Security are a large focus for finova as we step into the next level of maturity as an organisation, this role will assist a GRCS function in its infancy to mature our GRCS levels across the business.
Role Overview:
This role is accountable to the Head of Risk & Compliance, and ultimately the COO.
As the Audit & Risk Lead within the R&C function, you will play a crucial role in ensuring the delivery of compliance, security, and governance within our solutions offered to clients' in Azure & AWS cloud-hosted estates.
Your responsibilities will revolve mainly around assessing and implementing compliance measures in line with the R&C control framework. Auditing and reviewing control sets internally of the product in line with our control framework and ISO certification, as well as managing client audits on the products as part of the wider Client Governance Schedule.
You will also interlink with the wider R&C framework where there are control remediations as a result of audit findings or risk events that may impact the outcome of audits. Working alongside the wider risk team to implement and further embedded risk management.
This role will be both internal and client facing.
About you:
• Extensive recent experience in auditing is essential as well as managing compliance and governance (preferably for fintech software companies in the financial services sector)
• Bachelor’s degree in computer science, Information Security, Business Management, or a related field
• Knowledge of DevOps development cycles and secure development, an advantage
• In-depth knowledge of SS2/21 material outsourcing, FCA & PRA regulations, NIST, and ISO, with a proven track record of implementing and maintaining compliance & control frameworks, and stay abreast of incoming regulations
• Experience with Azure/AWS cloud services and Azure DevOps Boards and security practices related to cloud-hosted estates is greatly desired
• The ability to work with multiple different L1 departments both in software development and servicing, and partnering with the wider risk team is essential
What will you be doing?
Auditing
• Pre-audit ISO27001 control cycle before the certification
• Plan and perform internal auditing on products and key risk areas
• Manage Client Audit Schedule planned in advance annually partnering with the account managers
o Pre-audit and prep with the key stakeholders in advance of audits to prep the evidence and pre-identify gaps
o Engage with clients to perform their audits, identify gaps and work with stakeholders to provide management responses
• Link any findings of audits into the wider Risk management framework and remediation schedule, as well as updates to the Due diligence framework in Risk Ledger
• Work with key internal stakeholders to develop in house SoPs for audit evidencing to improve consistency and robust control improvements, as well as automation where possible
• Develop internal auditing reporting to cover ISO framework as well as wider internal audit requirements
Risk Framework:
• Along with the R&C function work to embed risk and compliance frameworks within product servicing to ensure regulatory and contractual compliance
• Work in line with the overall control framework using Risk Ledger which is aligned to ISO27001, SO23001, ISO9001, FSQS audit and NIST
• Lead efforts to implement control remediation's, policies, and procedures within product servicing aligned with our framework using Risk register and risk events
Client engagement:
• Work with the Senior Risk Analyst on the overall Client Governance schedule over finova as a material supplier, covering annual due diligences and audits as well as reporting agreed remediation. This may also involved attending client Governance meetings if required
• Work with the client and Head of Risk to understand regulatory obligations and help to tailor compliance strategies,
• Develop a relationship with the customer as a trusted advisor and contact point, providing insights and recommendations on best practices and compliance approaches.
Governance, Reporting & Collaboration
• Support monthly & quarterly reporting on risk and implementation plans relating to risk management as part of the R&C function.
• Collaborate with other senior leaders within finova to integrate compliance and security measures into product development and service delivery.
• Collaborate on Risk Forums with key stakeholders to manage risk items.
Technical Knowledge:
• Work to understand the product solutions thoroughly in order to apply required control framework.
What will you get from joining the finova family?
Flexible Working:
• 25 days holiday in each calendar year plus bank holidays
• Bank Holiday trading: flexibility to work bank holidays and take another day off that fits your values, beliefs or celebration calendar better
• Increasing your work life balance, holiday trading allows employees to buy an extra 5 days holidays
• Work from anywhere in the world for up to 4 weeks a year
• We recognise the importance of juggling family and work life therefore finova offer a flexible hybrid working policy
• We’re open to applicants from all walks of life, please feel free to ask us if you require flexible working and we’ll do our best to accommodate
Looking After You:
• Life Assurance, Group Income Protection and Private Medical Insurance
• Pension scheme via Salary Exchange
• Employee Assistance Programme with counselling sessions available
• Virtual GP to save you time in trying to get an in-person appointment
Family Friendly policy:
• Enhanced maternity and paternity pay
• Paid time off for fertility treatments and pregnancy loss
Extra Perks:
• Cycle to Work Scheme
• Access to a huge range of benefits & discounts for shops, restaurants and gym memberships
• Free fresh fruit daily
• Share your passions and Interests with like-minded people through our colleague networks and social groups - from book clubs to fitness challenges and group parties
Giving you the chance to give back:
• Give-As-You-Earn scheme allowing you to support your favourite charities straight from your monthly salary
• One days paid volunteering day a year
Equal Opportunity Statement
Diverse teams really are the best teams, we promote a working environment in which diversity is recognised, valued and encouraged. We acknowledge the multi-cultural and diverse nature of the UK workforce and society in general. We are committed to principles of fairness and mutual respect where everyone accepts the concept of individual responsibility. Our policy seeks to ensure job applicants and employees are treated fairly and without favour or prejudice. We are committed to applying this throughout the entire employee lifecycle.
We know that some candidates (and, from the research we've seen, especially women) may feel less inclined to apply for a role if they don't quite meet every requirement of the role. If you like the look of a role but you're not 100% sure if your skillset will meet our requirements, please reach out and we will be happy to talk through your experiences.
Personal Data
finova retains applicants’ personal data on our HR System for the purpose of reviewing and evaluating applications and contacting candidates to discuss job opportunities. For unsuccessful candidates, finova will retain your personal data and CV for the duration of 6 months.