Summary:
We are seeking a highly skilled and detail-oriented IT Security Risk and Compliance Analyst to lead our IT risk management and compliance initiatives. In this role, you will oversee audit management, ensure adherence to ISO 27001/31000 and other standards, and leverage our GRC tool for SAP SoD, access management, and governance. Additionally, you will be responsible for SAP authorization management, Transport Request (TR) activities, and assisting with ISA 315 ITGS audits. The ideal candidate will play a crucial role in safeguarding our information systems, ensuring regulatory and internal policy compliance, and enhancing our overall IT security posture.
Duties and Responsibilities:
Risk Management and Compliance:
- Develop, implement, and maintain a comprehensive IT risk management framework to identify, assess, and mitigate risks.
- Ensure ongoing compliance with ISO 27001, relevant industry standards, and regulatory requirements.
- Collaborate with cross-functional teams to enhance and maintain the organization’s information security posture.
- Identify gaps in current processes and propose improvements to strengthen IT risk management.
Audit Management:
- Plan and execute internal and external IT audits, including preparing audit schedules, maintaining documentation, and managing evidence collection.
- Coordinate with auditors to address findings, implement corrective actions, and close gaps.
- Track and report on the status of audit remediation efforts, ensuring continuous improvement.
- Assist in preparing for and coordinating ISA 315 ITGS audits by producing the necessary documentation and facilitating communication with auditors.
SAP GRC Administration and SAP Audit Log Review:
- Oversee the administration and optimization of SAP Governance, Risk, and Compliance (GRC) solutions.
- Configure and maintain the GRC tool to support segregation of duties (SoD), access control, and automated risk assessments.
- Monitor and analyze GRC reports to proactively manage risks and controls, and ensure continuous alignment with best practices.
- Conduct regular SAP audit log reviews to monitor system and related activity and to detect anomalies or unauthorized actions.
Control Management:
- Design, implement, and maintain IT controls to mitigate operational, compliance, and security risks.
- Conduct regular reviews and testing of IT controls to ensure they remain effective and aligned with evolving standards.
- Develop and maintain detailed documentation for IT controls, policies, and procedures, identifying and addressing any process gaps.
Reporting and Communication:
- Prepare detailed reports on risk assessments, audit findings, and compliance status for senior leadership.
- Effectively communicate IT risks, compliance requirements, and remediation efforts to stakeholders at all levels.
- Provide training and support to staff on compliance-related matters to enhance the organization’s overall security culture.
Qualifications:
Educational Background
Bachelor’s degree in Information Technology, Computer Science, Cybersecurity, or a related field.
Related Work Experience
- Minimum 6 years of experience in IT risk management, compliance, or related fields.
- Proven experience with ISO 27001 implementation and certification.
- Hands-on experience with GRC tools and audit & risk management.
Preferred Technical Qualification / Certifications
- GRC & risk tools, ITIL, ISO 27001, Identity & Access Management
- ISO 27001 Information Security Lead Auditor/Implementer
- ITIL / PMP / ISO 31000:2018 Risk Management Certification
- SAP Audits Certification
- Additional certifications such as CISA or CISM are a plus.
Technical/Functional Competencies
- Strong knowledge of IT governance frameworks (e.g., ISO 27001, COBIT, ITIL, GRC) and regulatory requirements.
- Proficiency in conducting risk assessments and implementing IT controls.
- Excellent project management and organizational skills.
- Strong analytical, problem-solving, and decision-making abilities.
- Exceptional communication and stakeholder management skills.
- In-depth understanding of SAP security concepts, particularly in authorization management and Transport Request (TR) processes.