Job Description

IT Audit & Risk Analyst (Hybrid -Cheltenham / London)

===========================================================

About Finova

Finova is the UK's largest mortgage and savings technology provider, powering one in every five mortgages across the country. Our agile, cloud-native solutions help over 60 banks, building societies, specialist lenders and equity release providers -- plus a network of 2,400+ brokers -- stay ahead of the market.


We offer a flexible, proven suite of software that covers the full customer journey -- from mortgage and savings origination to servicing and CRM. Backed by an open architecture and a team with deep industry expertise, our platform is built to scale. Today, we process over 50 billion in loans each year, manage nearly 50 billion in savings, and support the digital servicing of more than 650,000 UK borrower accounts.

The Risk & Compliance Team

The R&C Team provides support to all 450+ colleagues across Finova playing a vital role in ensuring client solutions hosted within Azure and AWS environments adhere to stringent security, governance, and regulatory standards. Their remit includes supporting external audits aligned with the Client Governance Schedule and contributing to the continuous development of the organisation's Risk Management Framework. The team works closely with project leads and engages proactively with both internal stakeholders and clients to uphold best practices in risk mitigation and compliance oversight.

What will you be doing?

Auditing - under the direction of the Audit Lead Assist in the Client Audit Schedule throughout the year covering client audits and due diligences Attend meetings to prep for audits with key stakeholders, take minutes and follow up on actions Engage with clients to perform their audits, identify gaps and work with stakeholders to provide management responses Validation of audit evidence before submission Link any findings of audits into the wider Risk management framework and remediation schedule Work with key internal stakeholders to develop in house SoPs to improve consistency and robust control improvements, as well as automation where possible Attend audit debriefs after closure, take minutes and actions as necessary and track through to completion Risk Framework: Work alongside the R&C function to embed risk and compliance frameworks within product servicing to ensure regulatory and contractual compliance using our Risk system Hyperproof Completion of client and annual Due diligence framework in Risk Ledger, confirming accuracy and documentation Work in line with the overall control framework, which is aligned to ISO27001, ISO27017, ISO9001, FSQS audit and NIST Manage the admin around the Policy framework, ensuring accuracy and timeliness of updates Manage the timely collection of documentation around ICO registrations and insurances Manage the Client CRM and TP Matrix with accuracy and timeliness Manage the collection of TP documentation for our Material TPs from key stakeholders Assist in any further admin tasks covering both Risk and Audit, as necessary

About You:

In terms of your experience, your attitude is everything, but we'd particularly love to see your:


Bachelor's degree in computer science, Information Security, Business Management, or a related field. Some tech/IT risk experience, or theoretical knowledge Highly analytical, self-learning and amazing attention to detail Some knowledge of Cloud Azure/ AWS is advantageous Generic understanding of regulatory requirements in financial firms The ability to work with multiple stakeholders and run different projects at any one time Punctual and timely delivery of all tasks Can be self-sufficient as well as have a collaborative working style when necessary Ability to research and understand regulatory or industry standard obligations and support their adherence

What We Offer:

Flexible Working

: 25 days holiday plus bank holidays, bank holiday trading and holiday purchase options, the opportunity to work from anywhere in the world for up to 4 weeks per year, and a flexible hybrid working policy.

Looking After You

: Life Assurance, Group Income Protection, Private Medical Insurance, a pension scheme via Salary Exchange, an Employee Assistance Programme, and access to a Virtual GP.

Family-Friendly Policies

: Enhanced maternity and paternity pay, as well as paid time off for fertility treatments and pregnancy loss.

Extra Perks

: Cycle to Work Scheme, discounts on shops, restaurants, and gym memberships, free fresh fruit daily, and opportunities to join colleague networks and social groups.

Giving Back

: One paid volunteering day annually and the Give-As-You-Earn scheme to support your favourite charities.

Equal Opportunity Statement

We value diversity and are committed to creating an inclusive environment for all employees. If you're passionate about this role but don't meet all the criteria, please reach out--we'd love to discuss how your skills and experiences align with our needs.