Technology Risk & Compliance Analyst [South Africa]


 
Key Responsibilities


  • Demonstrate commitment to the company's core values through upholding our standards of business conduct, complying with Group policies & procedures, and leading by example.
  • Establish a working environment which promotes the importance of employees acting with integrity and in an ethical manner in line with the Group Code of Conduct.
  • Ensure the execution of key internal controls within Technology Risk & Compliance
  • Define, document and operationalise the processes and procedures to drive consistency in the monitoring of compliance (e.g. compliance checking, tracking, monitoring and monitoring schedules, communications, and reporting) of managed service providers and Tier 1 vendors with the company's security requirements and Service Level Agreements (SLAs)
  • Define and document the Cyber/Technology risk management process leveraging the existing ERM framework, including the cyber/technology risk assessment methodology (e.g. risk acceptance/assessment process, security risk profile, roles/responsibilities, reporting requirements, etc.)
  • Define a model of risk likelihood and impact, as well as risk rating criteria, categorisation, risk tolerance & acceptance levels and escalation processes
  • Identify and assess potential information technology risks in processes and applications, and register risks and associated solutions in a formalised risk register.
  • Monitor mitigating actions and proposed solutions to ensure risks are reduced to an acceptable business level.
  • Validate security/technology & risk requirements with relevant stakeholders before the launch of a software, tool or platform.
  • Provide governance to ensure adequate risk management of compliance and regulatory risks.
  • Design and maintain the company's compliance framework containing internal security policies, global standards and regulatory requirements.
  • Register risks and associated solutions in a formalised risk register and define KPIs, metrics and a risk appetite to enable standardised risk reporting amongst the company's teams.



Requirements:
  • Industry certifications, for example CRISC, CISA or CISSP.
  • Knowledge or experience working with security standards and frameworks, such as the ISO31000 Risk Management Framework.
  • Knowledge or training for the ISO27001 standard and NIST security frameworks.
  • Knowledge of relevant frameworks, regulations and international legislation, and the ability to monitor emerging threats, forecasts, policies, and benchmarks.
  • Ability to communicate with the company's stakeholders to determine the security risk impact for new projects and business changes to provide relevant security requirements.
