IT Risk & Control Analyst

The R&C IT Analyst is also a subject matter expert, responsible for advising the Risk team on controls design, deficiencies evaluation and improvements across multiple processes from testing standpoint.

A successful risk professional requires a dynamic personality and ability to adapt in a rapidly changing environment.

B. responsible: key areas of responsibility will include, but are not limited to:

• Execute and lead testing end to end for the assigned areas:

• Design and execute the day-to-day testing activities of IT controls, with a focus on regulatory/compliance related risks

• Collect, analyze, and interpret information to assess and conclude on each assigned testing area with clear concise documentation

• Identify gaps in design and execution, and communicate issues and recommendations to R&C team and control owners

• Develop and maintain comprehensive documentation including process walkthrough documentation, control testing documentation and any others required

• Collaborate and partner with R&C by providing guidance and ensuring that critical IT controls are adequately designed and documented, in order to strengthen the control environment, mitigate the company risks and support the business in achieving objectives

• Collaborate & participate within R&C to continuously improve the R&Cs capabilities and governance from an IT testing standpoint

B. skilled:

• The ideal candidate will have a strong background in IT risk management, IT frameworks, governance and controls, Segregation of Duties, and ERP audits.

• 4+ years of experience gained within IT compliance, internal controls, internal/external audit, including experience working with teams in an international environment

  • Strong understanding of design assessment and operating effectiveness assessment of IT controls, and interface controls.

  • Experience in technology-based product development / DevOps processes, cloud security and other modern day technologies

  • Understanding of different architecture (SOA and micro services), and ability to review source codes is an added advantage.

• Understanding of and experience with risk management relevant fields and frameworks, including SOx, COSO, and COBIT

• working knowledge of SOx an advantage

• Ability to multitask and successfully manage multiple priorities and projects

• Strong work ethic, enthusiastic, self-starting, adaptable and enjoys change in a super engaged team

• Excellent communication skills to interact with audit teams, management and other stakeholders effectively

• Ability to work effectively in a virtual environment

• Fully comfortable working in English, both written and spoken

• Professional certification, such as CISA/CRISC/CIA (or similar), would be an advantage

• Relevant bachelors degree required

• Experience working with a Big4 is preferred

Key Skills

• Understanding of and experience with risk management relevant fields and frameworks, including SOx, COSO, and COBIT

• 4+ years of experience gained within IT compliance, internal controls, internal/external audit, including experience working with teams in an international environment
• Design and execute the day-to-day testing activities of IT controls, with a focus on regulatory/compliance related risks