Datafin

IT Risk and Security Analyst (CPT Hybrid)

IT – Analyst, Data Management
Cape Town – Western Cape

ENVIRONMENT:
YOUR relentless pursuit of risk reduction and expertise as an IT Risk and Security Analyst are sought by a reputable Retail Group to support its delivery of the IT Risk & Cyber Security programs. You will serve in two critical roles in support of these programs: to enable IT team-embedded security analysis and business enablement, and to drive risk management. This role looks to streamline risk and security processes in support of quality and speedy delivery in a complex and busy IT environment. The role requires Grade 12, a suitable 3-year Degree/Diploma, up to 8 years’ IT/IT Risk/Assurance or Cyber Security experience including having worked with IT GRC tools, some technical understanding and a passion for proactive Risk and Security Management.
 
DUTIES:
Responsible for embedding IT and Cyber Risk Management into IT teams –
  • Integrate into the IT teams and establish yourself as a trusted advisor and assurance provider, not a policeman.
  • Promote a risk-conscious mindset through stakeholder engagement and awareness.
  • Proactively identify, track, and manage IT and cyber risks.
  • Coordinate internal and external audits.
  • Help monitor compliance to policies and standards.
  • Report on the status of risks, remediation, and progress to IT management.
  • Engage in projects and help deliver risk-related activities such as third-party risk assessments.
  • Leverage the IT GRC tool to manage and report on risk items.
  • Be the go-to person in the team to help the team help themselves manage risk.
 
Responsible for Cyber Security analysis and coordination within IT teams –
  • Be the first point of call for helping coordinate Cyber Security activities as part of projects and change within the IT team.
  • Leverage group security frameworks, policies, standards, and architecture to support the IT team in delivering change under the guiding principles of ‘shift left’ and ‘security by default’.
  • Support the IT team’s operational change requirements where relevant with guidance and advice.
  • Coordinate all these activities with the broader security team.
  • Identify and define security requirements for the IT team, for the broader security team to execute.
 
REQUIREMENTS:
Mandatory –
  • Grade 12 and relevant Degree/Diploma (3 years).
  • Up to 8 years relevant experience in IT, IT Risk, IT Assurance and/or Cyber Security.
  • A relentless pursuit of risk reduction.
  • Autonomy and a proactive approach to work.
  • Experience with IT GRC tools.
  • The ability to say ‘yes, but’ and guide teams towards solutions that apply the right level of risk, governance, and security.
 
Advantageous –
  • Relevant qualifications and certifications such as CISM, CISA, CRISC or CISSP.
  • Knowledge of IT and Cyber Security landscape, including systemic understanding of key business linkages and dependencies.
 
ATTRIBUTES:
  • The zest for assisting outside of working hours when required.
  • Is aware of and responsive to internal and external events and influences on the technical landscape.
  • Ability to research technology-related concepts, trends, and best practices, and apply findings.
  • Appropriately derives and organises the essence of information to draw solid conclusions.
  • Looks beyond symptoms to uncover root causes of problems to be solved.
  • Synthesises data from different sources to identify trends.
  • Presents problem analysis and a recommended solution rather than just identifying and describing the problem itself.
  • Proactively approaches others to obtain missing information.
  • Demonstrates a results-oriented mindset in planning and implementing activities/projects.
  • Clearly defines objectives and translates them into workable activities.
  • Monitors and tracks progress to ensure delivery of all planned commitments, and keeps the appropriate people informed.
  • Prepares written reports and briefs and communicates ideas clearly.
  • Speaks fluently in team meetings when presenting information.
  • Manages existing partnerships within established agreements or contracts; negotiates adjustments when mutually beneficial to do so.
  • Genuinely cultivates personal bonds with colleagues to enhance performance throughout the organisation.
  • Adjusts to work effectively within new work structures, processes, requirements, or cultures. 
  • Demonstrates resourcefulness in acquiring necessary knowledge, skills, and competencies to adapt to change.