Employer reference: REF1664E
The Opportunity
Shawbrook provides finance to a wide range of customer segments that value the premium experience, flexibility and certainty we deliver. We are a purpose-led organisation, with a focus on delivering long-term sustainable value for all our stakeholders.
We have a diversified offering, with our innovative lending propositions tailored to meet specific customer needs in carefully selected markets across SME, Real Estate and Personal. Our products range from complex structured credit facilities for growth-focused businesses to mortgages for professional landlords and property investors, as well as simple loans for consumers delivered digitally. We fuel our lending through customer deposits, which we attract by delivering a premium experience, choice and consistently great value to smart savers.
The business model we have created is unique and difficult to replicate, with our ‘best of both’ approach combining deep human expertise with advanced digital, tech and data capabilities. This combination not only allows us to deliver excellent customer experiences, but to do so efficiently and at scale. We are proud of our innovative and agile culture, which drives consistently high employee engagement scores and makes Shawbrook an attractive destination for the best talent. If you’re willing to roll up your sleeves, contribute new ideas and believe anything is possible, you’re our kind of person.
Work with us because you:
- Want to be part of a bank built for the dynamics of the modern world
- Relish a challenge and enjoy a fast-paced, innovative and hardworking culture
- Enjoy finding new and better ways to solve complexity and make things happen
- Want to belong to a diverse culture that stands shoulder to shoulder with minority and underrepresented groups
- Care about society and the environment and want to be part of a business that cares too
- Want to continue to grow professionally and be the best version of yourself
The Role & Responsibilities
This role is critical in strengthening Shawbrook’s first line technology control environment. By delivering robust control testing and effective risk management support, the IT Risk & Controls Analyst helps ensure that Technology and Cyber risks are understood, managed and reported appropriately, protecting the Bank, supporting regulatory compliance, and enabling safe and sustainable growth.
The IT Risk & Controls Analyst supports the effective management of technology and cyber risk within the CTO function. The role is responsible for executing and documenting control testing across the different technology departments, including Technology & Cyber, Data Governance & Quality, and Transformation (Change), ensuring risks and issues are accurately recorded and tracked, and contributing to high-quality risk reporting.
The individual will operate within the First Line of Defence, working collaboratively with Technology, Cyber Security, Data and Change teams, as well as the central Risk and Controls and Second Line Risk functions, to ensure Shawbrook maintains a strong and well-evidenced control environment aligned to regulatory expectations (PRA/FCA/FRC) and internal risk management standards.
This is a fantastic opportunity to sit at the heart of Technology in a growing specialist bank and play a visible role in strengthening how we manage risk. As IT Risk & Controls Analyst, you will move beyond traditional controls testing to directly influence how Technology, Cyber, Data and Change departments operate safely and effectively at scale.
Key Responsibilities
Control Testing & Assurance
- Plan, document and execute control testing across the different technology functions, including Technology & Cyber, Data Governance & Quality, and Transformation / Change.
- Assess control design and operating effectiveness, clearly evidencing outcomes and identifying control gaps.
- Produce concise test reports, agree remediation actions with control owners, and track issues to closure.
- Coordinate testing schedules with the central Controls function and ensure consistency of methodology and documentation.
- Support continuous improvement of the Technology control environment, identifying opportunities for automation and maturity uplift.
Risk & Issue Management
- Support the accurate logging, maintenance and quality assurance of risks and issues within AuditBoard (GRC tool).
- Monitor remediation activity, ensuring actions are tracked, evidenced and escalated where required.
- Support audit and regulatory engagement by ensuring risk and control artefacts are complete, current and defensible.
Risk Reporting & Governance
- Contribute to monthly Technology risk reporting, including control testing results, risk profile movements, issue status and key themes.
- Support preparation of materials for CTO and Risk governance forums.
- Support RCSA cycles, risk assessments for new initiatives, and oversight of material change.
- Contribute to regulatory, audit and assurance interactions as required.
The Person
Essential
- Experience in IT risk, technology controls, internal controls testing, or IT audit (First, Second, Third Line, or IT External Audit).
- Strong understanding of technology and cyber risk domains (e.g. access management, change management, IT operations, security, SDLC, incident management, data governance).
- Experience documenting and executing control tests, including evidence gathering and evaluation.
- Strong written skills, with the ability to produce clear, structured documentation and reports.
- Familiarity with GRC tooling (e.g. AuditBoard or equivalent).
- Good understanding of risk management principles within a regulated environment.
- Strong stakeholder engagement skills with the confidence to challenge constructively.
- Analytical mindset with strong attention to detail.
- Ability to operate autonomously while maintaining alignment with team objectives.
Desirable
- Experience within a UK regulated bank, financial services firm, or a consultancy.
- Awareness of FRC (UK Corporate Governance Code)/PRA/FCA regulatory expectations, Operational Resilience, and SMCR.
- Knowledge of control frameworks (e.g. SOx, COBIT, ITIL, NIST, ISO 27001).
- Professional qualifications (or working towards) such as CISA, CRISC, CISSP, or equivalent.
- Experience supporting change / transformation risk oversight.
Reward
Your Wellbeing - We take your health and well-being very seriously by providing a range of benefits to give you and your family peace of mind. These include:
- Market leading family friendly policies such as access to our Maternity, Adoption and Paternity policies from Day 1 of your employment
- Free access to Headspace, a mindfulness & meditation digital health app
- Free access to Peppy, a digital health app that offers personalised support through fertility treatment, becoming a parent or menopause
- EAP (Employee Assistance Programme) - Offering you support on a wide range of subjects including financial concerns, mental wellbeing and more general queries around family, work, housing and health
- Cycle to work scheme
- Discounts on gym membership
- Contributory pension scheme & death in service
Your Lifestyle - It’s important you strike the right balance between your work and personal life. We provide benefits to support you when at work and when you’re enjoying your leisure time.
- Minimum of 27 days holiday per year
- Option to buy or sell holiday days through our flexi-holiday scheme
- Discounts on gym membership nationwide
- Access to discounts on a range of high street and online brands
- Community support and charitable giving
Your Contribution - We’re focused on rewarding those that go the extra mile in helping us achieve our goals.
- Participation in our annual discretionary bonus scheme designed to reward your contribution to our success
- Proudly Shawbrook recognition scheme focused on recognising our role models and thanking our colleagues for a job well done