About the Role
We are seeking a highly skilled Senior IT Risk Analyst to support and enhance the organization's IT risk management framework. The role focuses on maturing IT risk processes, performing comprehensive risk assessments, and ensuring robust information risk and control practices. This position plays a key part in policy compliance, risk reporting, and engagement with IT and business stakeholders.
Risk Management & Assessment
- Update and streamline the IT risk management framework to improve process maturity and ensure alignment with organizational risk practices.
- Lead IT operational risk assessments in collaboration with Subject Matter Experts across IT and business units.
- Participate in risk discussions with senior stakeholders and provide insights on risk mitigation plans.
- Prepare and review risk assessment reports, ensuring accuracy and relevance.
Governance & Compliance
- Conduct Security License to Operate (SLtO) reviews to ensure compliance with IT risk and control requirements prior to production deployment.
- Evaluate unresolved high-critical risks and recommend mitigation strategies to support informed go-live decisions.
- Facilitate the processing of IT policy exceptions or deferments and track related action plans.
- Ensure all IT risk data is accurately maintained in the organization's GRC (Governance, Risk & Compliance) platform.
Reporting & Communication
- Develop IT risk reports, dashboards, and insights for internal teams and governance committees.
- Support enterprise-level risk reporting requirements, including key risk indicators, operational losses, and risk appetite updates.
- Promote a risk-aware culture through effective communication materials and awareness initiatives.
Policy & Framework Support
- Support the review and enhancement of IT policies and process documents.
- Assist in planning and coordinating ISO 27001-related risk assessment activities and information security initiatives.
- Perform other risk-related tasks as required.
Qualifications
- Bachelor's degree in Business Administration, Management, Accounting, Computer Science, Information Technology, Industrial Engineering, or a related field.
- Minimum of 5 years of experience in IT risk, governance, or controls.
- Strong exposure to enterprise technology environments and risk management practices.
Technical Skills
- Knowledge of industry frameworks such as Sarbanes-Oxley, COSO, COBIT, NIST, PMBOK, ISO 27001, SWIFT CSCF, or DORA.
- Solid understanding of IT audit principles and control standards.
- Proficiency in using GRC tools, Office 365 applications, and reporting tools such as Power BI.
Soft Skills
- Excellent analytical and critical thinking abilities.
- Strong attention to detail and structured work approach.
- Ability to collaborate effectively with internal and external stakeholders.
- Strong oral and written communication skills; comfortable working with senior executives.
Preferred Certifications
- IT risk or security certifications such as CRISC, CISA, ISO 27001 Lead Implementer/Lead Auditor, or equivalent.
Work Arrangement
- Hybrid setup: onsite reporting three times a week, or more if required by the team.
- Work schedule: 8:00 AM to 5:00 PM (Manila Time).