Senior IT Risk & Compliance Analyst (SP7) - IT Risk & Compliance
Capricorn Group Limited - Windhoek, Namibia
Listing reference: capgh_000271
Listing status: Online
Apply by: 16 October 2024
Position summary
Introduction
PRIMARY PURPOSE OF THIS POSITION
Responsible for examining and analysing information system operations to identify opportunities for risk reduction. Ensures Information Technology (IT) risk controls and practices are based upon industry standards, best practices and regulations by developing repeatable processes to identify, evaluate, and measure IT risk.
Job description
KEY PERFORMANCE AREAS (KPAs)
1. Provide audit services in accordance with IT audit standards to assist the group in protecting and controlling information systems and assets.
- Execute a risk-based IT audit strategy in compliance with IT audit standards to ensure that key risk areas are audited and managed.
- Communicate audit results and make recommendations to key stakeholders.
- Plan specific audits to determine whether information systems are protected, controlled and provide value to the organization.
2. Ensure that the necessary organizational structures and processes are in place to achieve objectives and to support the group's strategy.
- Evaluate the effectiveness of the IT governance structure to ensure it supports the group's strategies and objectives.
- Evaluate the group's IT policies, standards and procedures, and the processes, to ensure they support the IT strategy and comply with regulations, legal requirements and industry standards.
- Evaluate risk management practices to ensure the group's IT risks are identified, assessed, monitored, reported and managed.
- Evaluate monitoring and reporting of IT key performance indicators (KPIs) to ensure management receives sufficient and timely information.
- Evaluate the group's business continuity plan (BCP), including alignment of the IT disaster recovery plan (DRP) with the BCP, to ensure the group has the ability to continue essential business operations during the period of an IT disruption.
3. Ensure that the practices for the acquisition, development, testing and implementation of information systems meet the group's strategies and objectives.
- Evaluate controls for information systems during the requirements, acquisition, development and testing phases for compliance with the group's policies, standards, procedures and applicable external requirements.
- Evaluate IT risk and perform due diligence and periodic security reviews on IT vendors.
4. Ensure that the processes for information systems operations, maintenance and service management meet the group's strategies and objectives.
- Evaluate change management practices to ensure changes made to systems and applications are adequately controlled and documented.
- Evaluate incident management practices to ensure problems and incidents are prevented, detected, analysed, reported and resolved in a timely manner.
- Evaluate the IT service management practices to ensure the controls and service levels expected by the group are adhered to.
5. Ensure that the group's policies, standards, procedures and controls ensure the confidentiality, integrity, availability and privacy of information assets.
- Evaluate the IT policies, standards and procedures for completeness, alignment with best practices, industry standards and compliance with regulatory and legal requirements.
- Evaluate the design, implementation, maintenance, monitoring and reporting of system and logical security controls to ensure the confidentiality, integrity, availability and privacy of information.
- Partner with other stakeholders to develop and maintain IT procedures and periodically test those procedures for effectiveness.
Minimum requirements
CORE COMPETENCIES
- Problem solving and analytical skills
- Logical thinker
- Persistence
- Communication skills (oral/written)
- Enquiring mind
- Friendliness
- Teamwork
- Reliability
EXPERIENCE/KNOWLEDGE & SKILLS
- General understanding of underlying IT infrastructure, architecture, and concepts.
- Sound knowledge of IT risk management
- Sound knowledge of audit techniques
- Good time management and related organizational skills
- IT asset management
- Knowledge of enterprise risk management
- Knowledge of benefits realization practices
QUALIFICATIONS