IT Risk an Security Analyst

Job Description

Responsible for embedding IT and cyber risk management into IT teams

• Integrate into the IT teams and establish yourself as a trusted advisor and assurance provider; work as part of the extended IT Risk management function to:
  • Promote a risk conscious mindset through stakeholder engagement and awareness
  • Proactively identify, track, and manage IT and cyber risks
  • Coordinate internal and external audits
  • Help monitor compliance to policies and standards
  • Report on the status of risks, remediation, and progress to IT management
  • Engage in projects and help deliver risk-related activities such as third-party risk assessments
  • Leverage the IT GRC tool to manage and report on risk items
  • Be the go-to person in the team to help the team help themselves manage risk

Responsible for cyber security analysis and coordination within IT teams

• Be the first point of call for helping coordinate cyber security activities as part of projects and change within the IT team
• Leverage group security frameworks, policies, standards, and architecture to support the IT team in delivering change under the guiding principles of ‘shift left’ and ‘security by default’
• Support the IT team’s operational change requirements where relevant with guidance and advice
• Coordinate all these activities with the broader security team
• Identify and define security requirements for the IT team, for the broader security team to execute

Minimum Requirements

Mandatory

• Grade 12 and relevant degree/diploma (3 years)
• Up to 8 years relevant experience in IT, IT risk, IT assurance and/or cyber security
• A relentless pursuit of risk reduction
• Autonomy and a proactive approach to work
• Experience with IT GRC tools
• The ability to say ‘yes, but’ and guide teams towards solutions that apply the right level of risk, governance, and security

Advantageous

• Relevant qualifications and certifications such as CISM, CISA, CRISC or CISSP
• The zest for assisting outside of working hours when required
• Knowledge of cyber security landscape, including systemic understanding of key business linkages and dependencies
• Is aware of and responsive to internal and external events and influences on the technical landscape
• Ability to research technology-related concepts, trends, and best practices, and apply findings
• Appropriately derives and organises the essence of information to draw solid conclusions
• Looks beyond symptoms to uncover root causes of problems to be solved
• Synthesises data from different sources to identify trends
• Presents problem analysis and a recommended solution rather than just identifying and describing the problem itself
• Proactively approaches others to obtain missing information
• Demonstrates a results-oriented mindset in planning and implementing activities/projects
• Clearly defines objectives and translates them into workable activities
• Monitors and tracks progress to ensure delivery of all planned commitments, and keeps the appropriate people informed
• Prepares written reports and briefs and communicates ideas clearly
• Speaks fluently in team meetings when presenting information
• Manages existing partnerships within established agreements or contracts; negotiates adjustments when mutually beneficial to do so
• Genuinely cultivates personal bonds with colleagues to enhance performance throughout the organisation
• Adjusts to work effectively within new work structures, processes, requirements, or cultures
• Demonstrates resourcefulness in acquiring necessary knowledge, skills, and competencies to adapt to change