Job Description

Company based in Bree Street, Cape Town

Industry - Telecommunications

Permanent

Please forward your updated CV to Michelle - kindo.m@abcworldwide.com

Technology Risk & Compliance Analyst

Support the Technology Risk & Compliance Manager to ensure security risks are appropriately managed through timely identification and assessment of risks.

Scope of the Role

Financial:

Geography:

N/A

Global (for security risk & compliance)

Size (Direct Reports):

Size (Indirect Reports):

N/A

N/A

Key Performance Indicators:

Complexity

• Number of technology risk assessments completed annually
• Number of technology risks tracked and included in the risk register
• Percentage of technology risks captured in the risk register that have all the attributes captured
• Number of unidentified technology risks per month
• Number of touchpoints with technology and business stakeholders to discuss management of ongoing security risks

• Low to moderate complexity work requiring the person to track mitigation of security risks and liaise with a number of stakeholders internally within security and wider business functions (legal risk & compliance)

Key Business Contacts (Internal)

Key Business Contacts (External)

• Wider CISO and CIO teams
• Wider Group CISO GRC team
• Group Legal team including DPO
• Group Risk

• Regulators

Decision-Making Authority:

N/A

Professional Requirements

Education/Training/Computer skills:

• Essential to have industry certifications for example CRISC, CISA or CISSP
• Essential to have knowledge or experience working with security standards and frameworks, such as the ISO31000 Risk Management Framework
• Desirable to have knowledge or training for the ISO27001 and NIST security frameworkS

Experience:

As a Technology Risk and Compliance Analyst, you will be expected to demonstrate experience and knowledge across the following areas

• Security risk management, security compliance, and basic knowledge of audits.
• Communicating technical and IT risks into tangible business risks and impacts.
• Working in a global organisation (preferably within the manufacturing and/or security risk and compliance division) with stakeholders of varying seniority
• 1 - 2 years Exp within GDPR
• No Degree with Exp IT domain- covering: Tech risk Model, Penetration reports, Production System, Domain IT Risk Mode

Competencies:

• Ability to design and execute key internal controls in a Technical Risk & Compliance environment
• Good understanding of technology risk management fundamentals, processes and frameworks
• Ability to communicate with stakeholders of varying seniority to explain technology risks in simple business language, with a clear scope of impact, risk ownership and accountability.
• Strong analytical skills, with a proactive work approach for identifying and remediating risks for the business and a proven ability to drive results.
• General knowledge of various Cybersecurity domains such as: data protection, identity & access management, with an ability to identify risks across these areas.

AKA Brip Careers Worldwide