IT Risk and Compliance Analyst – Junior (m/f)

Description

• Responsible for examining and analyzing the information system operations to identify opportunities for risk reduction. Ensures Information Technology (IT) risk controls and practices are based upon industry standards, best practices, and regulations by developing repeatable processes to identify, evaluate, and measure (IT) risk

Duties

• Provide audit services in accordance with IT audit standards to assist the group in protecting and controlling information systems and assets
• Execute a risk-based IT audit strategy in compliance with IT audit standards to ensure that key risk areas are audited and managed
• Evaluate the group’s IT policies, standards, procedures, and processes to ensure they support the IT strategy and comply with regulations, legal requirements, and industry standards
• Evaluate risk management practices to ensure the group’s IT risks are identified, assessed, monitored, reported, and managed
• Evaluate monitoring and reporting of IT key performance indicators (KPIs) to ensure management receives sufficient and timely information
• Ensure that the practices for the acquisition, development, testing, and implementation of information systems meet the group’s strategies and objectives
• Ensure that the processes for information systems operations, maintenance, and service management meet the group’s strategies and objectives
• Evaluate change management practices to ensure changes made to systems and applications are adequately controlled and documented
• Evaluate incident management practices to ensure problems and incidents, are prevented, detected, analyzed, reported, and resolved in a timely manner
• Evaluate the IT service management practices to ensure the controls and service levels expected by the group are adhered to
• Ensure that the group’s policies, standards, procedures, and controls ensure the confidentiality, integrity, availability, and privacy of information assets
• Evaluate the IT policies, standards, and procedures for completeness, alignment with best practices, industry standards, and compliance with regulatory and legal requirements
• Evaluate the design, implementation, maintenance, monitoring, and reporting of system and logical security controls to ensure the confidentiality, integrity, availability, and privacy of information
• Partner with other stakeholders to develop and maintain IT procedures and periodically test those procedures for effectiveness

Requisites

• Core Competencies:
• Problem Solving and Analytical
• Logical Thinker
• Persistence
• Communicating (orally/written)
• Inquiring Mind
• Should be able to work under pressure
• Friendliness
• Teamwork
• Reliability
• Experience/Knowledge & Skills:
• Minimum of 2 years of experience in information security, IT audit, IT compliance, or related
• Computer literacy essential (Excel, Word)
• General understanding of underlying IT infrastructure, architecture, and concepts
• Sound knowledge of IT Risk Management
• Sound Knowledge of Audit techniques
• Good time management and related organizational skills
• IT asset management
• Knowledge of enterprise risk management
• Knowledge of benefits realization practices
• Qualifications:
• Bachelor’s degree in auditing, information systems, risk management, informatics, computer science or equivalent
• Certified Information Systems Auditor (CISA) Certification will be an advantage
• Certified in the Governance of Enterprise IT (CGEIT) Certification

Notes

• Only shortlisted applicants will be contacted