IT RISK AND SECURITY ANALYST
Job description
- Responsible for embedding IT and cyber risk management into IT teams
o Integrate into the IT teams and establish yourself as a trusted advisor and assurance provider, not a policeman, and work as part of the extended IT risk management function to:
o Promote a risk-conscious mindset through stakeholder engagement and awareness
o Proactively identify, track, and manage IT and cyber risks
o Coordinate internal and external audits
o Help monitor compliance with policies and standards
o Report on the status of risks, remediation, and progress to IT management
o Engage in projects and help deliver risk-related activities such as third-party risk assessments
o Leverage the IT GRC tool to manage and report on risk items
o Be the go-to person in the team to help the team help themselves manage risk
- Responsible for cyber security analysis and coordination within IT teams
o Be the first port of call for helping coordinate cyber security activities as part of projects and change within the IT team
o Leverage group security frameworks, policies, standards, and architecture to support the IT team in delivering change under the guiding principles of ‘shift left’ and ‘security by default’
o Support the IT team’s operational change requirements where relevant with guidance and advice
o Coordinate all these activities with the broader security team
o Identify and define security requirements for the IT team, for the broader security team to execute
Minimum requirements
· Grade 12 and relevant degree/diploma (3 years)
· Up to 8 years relevant experience in IT, IT risk, IT assurance and/or cyber security
WE ARE LOOKING FOR SOMEONE WHO HAS
· A relentless pursuit of risk reduction
· Autonomy and a proactive approach to work
· Experience with IT GRC tools
· The ability to say ‘yes, but’ and guide teams towards solutions that apply the right level of risk, governance, and security
BONUS IF YOU HAVE
· Relevant qualifications and certifications such as CISM, CISA, CRISC or CISSP
· The zest for assisting outside of working hours when required
· Knowledge of Woolworths IT and cyber security landscape, including systemic understanding of key business linkages and dependencies
· Is aware of and responsive to internal and external events and influences on the technical landscape
· Ability to research technology-related concepts, trends, and best practices, and apply findings
· Appropriately derives and organises the essence of information to draw solid conclusions
· Looks beyond symptoms to uncover root causes of problems to be solved
· Synthesises data from different sources to identify trends
· Presents problem analysis and a recommended solution rather than just identifying and describing the problem itself
· Proactively approaches others to obtain missing information
· Demonstrates a results-oriented mindset in planning and implementing activities/projects
· Clearly defines objectives and translates them into workable activities
· Monitors and tracks progress to ensure delivery of all planned commitments, and keeps the appropriate people informed
· Prepares written reports and briefs and communicates ideas clearly
· Speaks fluently in team meetings when presenting information
· Manages existing partnerships within established agreements or contracts; negotiates adjustments when mutually beneficial to do so
· Genuinely cultivates personal bonds with colleagues to enhance performance throughout the organisation
· Adjusts to work effectively within new work structures, processes, requirements, or cultures
· Demonstrates resourcefulness in acquiring necessary knowledge, skills, and competencies to adapt to change