Risk and Controls Assurance Analyst

Risk and Controls Assurance Analyst, London, Permanent

We’re looking for a Risk and Controls Assurance Analyst to join our Chief Risk Office and support how risk and controls work in practice across Pay.UK. This role is well suited to someone with practical experience in second line of defence assurance who wants clarity of scope, structured work, and exposure to a regulated payments environment.

You’ll focus on how controls are designed, documented, tested, and improved. Your work will support consistent assurance across an organisation of around 350 colleagues that operates UK payment systems processing billions of transactions each year. You’ll work closely with first line teams, use established GRC tooling, and contribute to the ongoing embedding of our Enterprise Risk Management Framework. The outcome of your work is clear and practical: well-defined controls, reliable assurance, and reporting that supports informed decisions.

Accountabilities

• Review and quality assure control objectives, control designs, and control documentation to confirm they meet defined standards.
• Work with first line of defence teams to review control testing results and identify gaps, weaknesses, or inconsistencies.
• Maintain and deliver a second line controls assurance plan, using the GRC tool to document testing, outcomes, and follow-up actions.
• Provide structured feedback to first line teams on assurance findings and support the development of clear action plans where controls are not effective.
• Support the design and review of standardised and centralised control activities, including documenting recommendations for improvement or automation.
• Complete quality assurance checks across risks, controls, issues, and key risk indicators to confirm accuracy, completeness, and timeliness.
• Contribute to Directorate-level Risk and Control Self Assessments by reviewing inputs and validating outputs before reporting.
• Support enhancements to the risk and controls modules within the GRC tool, including defining requirements and testing changes.
• Prepare clear assurance outputs and reports that summarise findings and themes for internal stakeholders.

Qualifications, Skills and Experience

• Experience working in a second line of defence risk or controls assurance role within a regulated environment.
• Practical experience designing, testing, or assuring operational controls and reviewing control effectiveness.
• Experience using a GRC tool to record risks, controls, issues, and assurance outcomes.
• Experience working with internal audit findings and supporting the tracking and closure of agreed actions.

Pay.UK Behaviours

At Pay.UK, our behaviours are central to who we are and how we operate. They bring our values to life, shape our culture, and guide how we make decisions, collaborate, and respond to challenges across the payments ecosystem. All interview processes will assess the following behaviours:

• Listen to Find Win-Wins - Empathy, Listening and Understanding
• Influence with resolve - Influence, resolve
• Go Horizontal First - Cross Boundary Collaboration
• Take Ownership - Self Development
• Opportunity Mindset – Initiative
• Simplify - Achievement orientation