Applications have closed

IT Risk Analyst

  • London/WFH
  • £550 per day (umbrella)

IT Risk Analyst required for non-profit organisation. The role is to support the Chief Information Security Officer (CISO), CTO and Head of technical projects and change in the collation and management of IT risks, and to drive focus and prioritization within the IT organization by establishing an appropriate risk framework, including governance principles and processes.

Responsibilities:

IT Audit & Risk Management Function

  • Own the IT Risk Management process, including facilitating IT management to ensure all risks are updated monthly, and producing the necessary Risk Reporting to the various governance bodies across the organization, ensuring a pragmatic and quality approach and ensuring that CAF meets its regulatory obligations.
  • Conduct Quarterly risk administration & updates.
  • Track, update and manage outstanding Risk Acceptances and mitigating controls therein.
  • Track live risk and audit items and actions, including chasing action updates.
  • Own the overall Risk portfolio, conduct regular risk brainstorming activities and support on Risk Assessments.
  • Own the IT Audit processes, including organizing and facilitating live audits, prioritizing, and sponsoring outstanding audit actions and reporting the audit position to the various governance bodies across the organization, ensuring a pragmatic and quality approach and ensuring that CAF meets its regulatory obligations.
  • Be a conduit for all audit activities which impact the IT department, including any follow-on actions.

IT Continuous Process Improvement

  • Identify, plan, manage and drive opportunities for improving efficiency and effectiveness cross functionally, through the Continuous Improvement Plans to help mitigate risks.
  • Undertake the management of the above work items or process improvement activities within the department to improve operational processes, culture, morale, and service/project delivery.
  • Organize and support continuous improvement activities to improve team skills and enhance knowledge development of risk management within IT.  Act as “go to” management support for risk management activities and initiatives, general process knowledge and strategies for employees at all levels.
  • Support the development and maintenance of IT policies, procedures, methodologies, and governance — as well as performance management frameworks and metrics — to ensure the IT organization delivers value to the enterprise and mitigates risk.

IT Statistical Reporting

  • Work with Senior Management to define, develop and maintain overarching metrics to clearly articulate IT performance in both the business and operational context; analyze results and develop improvement plans.  Identify and implement metrics to evaluate the effectiveness of process improvements.

IT Business Continuity

  • Support Senior Management in ensuring that robust contingency and business continuity plans are in place for the IT services and that these are coordinated with and support the business’s continuity plans.

As an ideal candidate, you will have an industry certification such as CISSP/CISM/CRISC and have expert knowledge of Information Security Risk.  You will also have a proven track record of successful delivery in a similar role.

We seek individuals from a diverse talent pool and encourage applicants from underrepresented groups to apply to our vacancies. Our commitment to fair recruitment processes means that we welcome applicants from all backgrounds, regardless of their lived experience or personal characteristics. We also invite applicants who meet most of the listed requirements, even if not all, to apply. If you require any adjustments to the application process, please let us know.

Barclay Simpson acts as an Employment Agency for permanent positions and an Employment Business for temporary/contract engagements.