Technology Consultant (Resilience, PAM & IAM)

Role Overview

This role supports a critical remediation programme focused on strengthening underperforming technology controls. You will drive improvements across control design and operating effectiveness, specifically within Operational Resilience, Privileged Access Management (PAM), and Identity & Access Management (IAM). Working closely with technology, risk, and audit stakeholders, you will ensure remediation activities are clearly defined, executed effectively, and evidenced to a high standard.

Responsibilities

Control Assessment & Diagnosis

• Review underperforming controls to identify root causes, design deficiencies, and operating effectiveness gaps.
• Assess whether current control designs are fit for purpose and aligned with regulatory expectations.

Remediation Planning & Execution

• Define structured remediation plans, including actions, ownership, milestones, and evidence requirements.
• Drive delivery of remediation activities in collaboration with control owners and SMEs.

Stakeholder Engagement

• Partner with technology and engineering teams, risk and compliance functions, and internal audit stakeholders.
• Provide constructive challenge to ensure robust and sustainable control improvements.

Control Framework Enhancement

• Support optimization of control operating models, including control frequency, evidence standards, accountability models, and governance processes.
• Embed consistent control discipline across resilience, PAM, and IAM domains.

Governance & Reporting

• Track remediation progress and proactively escalate risks, blockers, and overdue actions.
• Produce clear, concise reporting for senior stakeholders and governance forums.
• Review remediation evidence to confirm completeness and sustainability.

Audit & Assurance Readiness

• Support preparation for control testing, internal/external audits, and regulatory reviews.
• Ensure remediation outcomes are defensible and audit-ready.

Essential Experience

• Proven experience in Technology Risk, IT Controls, Cyber Risk, IT Audit, or Operational Resilience.
• Strong track record delivering control remediation in financial services, banking, or other regulated environments.
• Experience assessing control design effectiveness and operating effectiveness.
• Familiarity with Risk & Control Self-Assessments (RCSA), audit findings, and issue management.
• Demonstrated ability to manage the remediation lifecycle from identification through to closure.

Technical Domain Knowledge

Operational Resilience

• Understanding of critical business services, disaster recovery, business continuity, and technology recovery controls.
• Experience with resilience testing evidence, impact tolerances, and recovery plans.

Privileged Access Management (PAM)

• Knowledge of privileged account governance, Joiner-Mover-Leaver (JML) processes, and access recertification.
• Exposure to PAM tooling (e.g., vaulting solutions), break-glass access, session monitoring, and account ownership models.

Identity & Access Management (IAM)

• Experience with access provisioning and de-provisioning, Role-Based Access Controls (RBAC), and Segregation of Duties (SoD).
• Strong understanding of access reviews, governance, and IAM control testing.

Key Skills & Attributes

• Strong analytical capability in control assessment and remediation design.
• Ability to translate complex control issues into practical, actionable solutions.
• Excellent stakeholder management across technical and non-technical audiences.
• High-quality written communication, including senior-level reporting.
• Confident in constructively challenging control owners.
• Comfortable operating in ambiguous, fast-paced environments.
• Strong attention to detail, particularly in reviewing remediation evidence.

Contract Details

• Type: Long-term contract with strong chance of extensions.
• Schedule: On-site 4 days per week.