Job Overview:
The ICT Risk and Compliance Analyst will work with the Information Technology Department to develop, implement, enhance, and support information technology operational risk controls through established policies, procedures, processes, and standards.
This role is responsible for maintaining the ICT risk register and undertaking regular risk reporting to stakeholders. Additionally, the candidate will coordinate external and internal audits, as well as support, maintain and update ICT risk and security policies, standards and processes.
Maintaining a strong awareness of ICT security and risk among the staff of the department is crucial. The candidate will perform ICT risk assessments for new technology projects, processes, and third-party services used by the organisation.
To succeed in this role, the ideal candidate should have working knowledge of risk assessment and management frameworks, processes, and tools. Experience with developing cyber security policies, standards, and processes is also essential. Knowledge of ISO 31000, ISO 27001/2 and the NIST Cyber Security Framework is necessary. In addition, knowledge of cloud-based technology solutions, such as Microsoft Azure, Office 365 and Power BI reporting, would be beneficial.
Key Responsibilities:
* Maintain the ICT risk register and undertake regular risk reporting to stakeholders
* Coordinate external and internal audits
* Support, maintain and update ICT risk and security policies, standards and processes
* Maintain ICT security and risk awareness among department staff
* Perform ICT risk assessments for new technology projects, processes and third-party services