IT Analyst (Risk)
Overview:
The Senior IT Risk Analyst is primarily responsible for improving the maturity of the IT risk management process, supporting all risk assessment-related activities, i.e. ISMS Risk Assessment, and assisting in managing the overall approach to information risk and controls.
Scope of Work/Responsibilities:
In close coordination with the IT Assurance/Risk and Controls Team, the Senior IT Risk Analyst will perform the following:
- Update and streamline ITD's risk management framework and processes with a view to enhancing operational maturity and alignment with the organizational risk process
- Run IT operational risk assessments in collaboration with Subject Matter Experts from ITD and business units
- Engage senior personnel in risk assessment and risk mitigation plan discussions
- Prepare and/or review risk assessment reports for relevance and accuracy
- Conduct Security License to Operate (SLtO) reviews to confirm IT Risk and Compliance controls are in place before production deployment, including operational risk assessment of unresolved high-critical risks, and provide recommended mitigation strategies to support informed go-live decisions
- Facilitate IT policy exception or deferment request process and monitor status of requests and related action plans
- Ensure IT risk and risk-related information in ITD's GRC tool is timely, accurate and up to date
- Prepare IT risk reports and dashboards from risk data and communicate insights to ITD teams and relevant governance groups
- Promote risk-aware culture by developing risk communications as may be needed
- Coordinate IT risk reporting requirements with the Office of Risk Management (ORM) such as quarterly key risk indicators, operational risk and incident losses, risk management report highlights, risk appetite definition, etc.
- Review IT policy and process documents, in coordination with the IT Controls and Compliance team
- Assist in planning, implementation and coordination of ISO 27001 risk assessment and related information security activities
- Perform other related tasks as required for the position
Requirement and Qualification (Education & Work Experience):
Education and Work Experience
- Bachelor's degree, preferably in Business Administration/Management, Accounting, Computer Science, Information Technology or Industrial Engineering
Technical Knowledge
- Strong IT risk experience with a minimum of 5 years' work experience in IT risk, governance and controls
- Knowledgeable in frameworks such as Sarbanes-Oxley, COSO, COBIT, NIST, PMBOK, ISO 27001, SWIFT CSCF, Digital Operational Resilience Act (DORA)
- Good understanding of audit principles, standards and procedures
- Broad range of knowledge of information technology as applied in an enterprise environment
- Excellent oral and written communication skills in English; comfortable dealing with senior executives from a variety of cultures
Soft Skills
- Strong analytical skills
- Strong attention to detail and methodical with work
- Able to liaise and work effectively with external and internal clients and stakeholders
- Able to work collaboratively with teams as a constructive team member
Tools/Software
- Experienced in GRC tools, productivity tools such as Office 365 applications, and reporting tools such as Power BI
Certification (if applicable)
- Industry certification demonstrating competence in IT risk (for example CRISC, CISA, ISO)