
Scope of Work/Responsibilities:
In close coordination with IT Assurance/ Risk and Controls Team, the Senior IT Risk Analyst will perform the following:
Update and streamline ITD's risk management framework and processes with a view to enhancing operational maturity and alignment with organizational risk process
Run IT operational risk assessments in collaboration with Subject Matter Experts from ITD and business units
Engage Senior personnel in risk assessment and risk mitigation plan discussions
Prepare and/or review risk assessment reports for relevance and accuracy
Conduct Security License to Operate (SLtO) reviews to confirm IT Risk and Compliance controls are in place before production deployment, including operational risk assessment of unresolved high-critical risks, and provide recommended mitigation strategies to support informed go-live decisions.
Facilitate IT policy exception or deferment request process and monitor status of requests and related action plans
Ensure IT risk and risk-related information in ITD's GRC tool are timely, accurate and up to date
Prepare IT risk reports and dashboards from risk data and communicate insights to ITD teams and relevant governance groups.
Promote risk-aware culture by developing risk communications as may be needed
Coordinate IT risk reporting requirements with the Office of Risk Management (ORM) such as quarterly key risk indicators, operational risk and incident losses, risk management report highlights, risk appetite definition, etc.
Review of IT policy and process documents, in coordination with IT Controls and Compliance team
Assist in planning, implementation, coordination of ISO 27001 risk assessment and related information
security activities
Perform other related tasks as required for the position.
Requirement and Qualification (Education & Work Experience)
Education and Work Experience
Bachelor's degree, preferably in Business Administration/Management, Accounting, Computer Science, Information Technology or Industrial Engineering
Technical Knowledge
Strong IT risk experience with minimum of 5 years work experience in IT risk, governance and controls
Knowledgeable on frameworks such as Sarbanes-Oxley, COSO, COBIT, NIST, PMBOK, ISO 27001, SWIFT
CSCF, Digital Operational Resilience Act (DORA)
Good understanding of audit principles, standards and procedures
Broad range of knowledge of information technology as applied in an enterprise environment
Excellent oral and written communication skills in English; comfortable dealing with senior executives from a variety of cultures.
Soft Skills
Strong analytical skills
Strong attention to detail and methodical with work
Able to liaise and work effectively with external and internal clients, stakeholders
Able to work collaboratively with teams as a constructive team member.
Tools/Software
Experienced in GRC, productivity tools such as Office 365 applications and reporting tools such as PowerBI.
Certification (if applicable)
Industry certification demonstrating competence in IT risk (example CRISC, CISA, ISO)
Bachelors/ Degree
Job ID: 144820703