IT Risk and Security Analyst (CPT Hybrid)
IT – Analyst, Data Management
Cape Town – Western Cape
YOUR relentless pursuit of risk reduction and expertise as an IT Risk and Security Analyst is sought by a reputable Retail Group to support its delivery of the IT Risk & Cyber Security programs. Your will serve in two critical roles in support of these programs; to enable IT team-embedded security analysis and business enablement, and to drive risk management. This role looks to streamline risk and security processes in support of quality and speedy delivery in a complex and busy IT environment. The role requires Grade 12, a suitable 3-year Degree/Diploma, up to 8 years’ IT/IT Risk/Assurance or Cyber Security experience including have worked with IT GRC tools, some technical understanding and a passion for proactive Risk and Security Management.
Responsible for embedding IT and Cyber Risk Management into IT teams –
- Integrate into the IT teams and establish yourself as a trusted advisor and assurance provider, not a policeman.
- Promote a risk conscious mindset through stakeholder engagement and awareness
- Proactively identify, track, and manage IT and cyber risks.
- Coordinate internal and external audits.
- Help monitor compliance to policies and standards.
- Report on the status of risks, remediation, and progress to IT management.
- Engage in projects and help deliver risk-related activities such as third-party risk assessments.
- Leverage the IT GRC tool to manage and report on risk items.
- Be the go-to person in the team to help the team help themselves manage risk.
Responsible for Cyber Security analysis and coordination within IT teams –
- Be the first point of call for helping coordinate Cyber Security activities as part of projects and change within the IT team.
- Leverage group security frameworks, policies, standards, and architecture to support the IT team in delivering change under the guiding principles of ‘shift left’ and ‘security by default’.
- Support the IT team’s operational change requirements where relevant with guidance and advice.
- Coordinate all these activities with the broader security team.
- Identify and define security requirements for the IT team, for the broader security team to execute.
- Grade 12 and relevant Degree/Diploma (3 years).
- Up to 8 years relevant experience in IT, IT Risk, IT Assurance and/or Cyber Security.
- A relentless pursuit of risk reduction.
- Autonomy and a proactive approach to work.
- Experience with IT GRC tools.
- The ability to say ‘yes, but’ and guide teams towards solutions that apply the right level of risk, governance, and security.
- Relevant qualifications and certifications such as CISM, CISA, CRISC or CISSP.
- Knowledge of IT and Cyber Security landscape, including systemic understanding of key business linkages and dependencies.
- The zest for assisting outside of working hours when required.
- Is aware of and responsive to internal and external events and influences on the technical landscape.
- Ability to research technology-related concepts, trends, and best practices, and apply findings.
- Appropriately derives and organises the essence of information to draw solid conclusions.
- Looks beyond symptoms to uncover root causes of problems to be solved.
- Synthesises data from different sources to identify trends.
- Presents problem analysis and a recommended solution rather than just identifying and describing the problem itself.
- Proactively approaches others to obtain missing information.
- Demonstrates a results-oriented mindset in planning and implementing activities/projects.
- Clearly defines objectives and translates them into workable activities.
- Monitors and tracks progress to ensure delivery of all planned commitments, and keeps the appropriate people informed.
- Prepares written reports and briefs and communicates ideas clearly.
- Speaks fluently in team meetings when presenting information.
- Manages existing partnerships within established agreements or contracts; negotiates adjustments when mutually beneficial to do so.
- Genuinely cultivates personal bonds with colleagues to enhance performance throughout the organisation.
- Adjusts to work effectively within new work structures, processes, requirements, or cultures.
- Demonstrates resourcefulness in acquiring necessary knowledge, skills, and competencies to adapt to change.