IT Control and Risk Specialist

Purpose

• As an IT Internal Control and Risk Specialist, you develop and implement IT control frameworks and risk management strategies. Conduct risk assessments, ensure compliance with regulations, and monitor internal controls. Collaborate with stakeholders to enhance IT security and mitigate risks.

Responsibilities

• Develop and Implement Control Frameworks:
• Lead and participate in the development of IT control frameworks and policies to ensure compliance with regulatory requirements and industry standards.
• Conduct risk assessments and identify areas of improvement in IT processes and systems.
• Design, implement, and maintain internal controls to safeguard IT assets and ensure the integrity of financial reporting.
• Monitor and Evaluate IT Controls:
• Perform regular reviews and testing of IT controls to ensure their effectiveness and adequacy.
• Identify control deficiencies and recommend appropriate remediation actions.
• Monitor IT systems and processes for potential risks and vulnerabilities, and implement corrective measures.
• Collaborate with Stakeholders:
• Work closely with IT teams, business units, and external auditors to ensure alignment of IT controls with business objectives.
• Provide guidance and support to IT and business stakeholders on control-related issues and best practices.
• Collaborate with compliance and risk management teams to ensure integrated risk management across the organization.
• Reporting and Documentation:
• Prepare comprehensive reports on the status of IT controls, including findings, recommendations, and remediation plans.
• Maintain thorough documentation of IT control activities, risk assessments, and audit findings.
• Ensure all control-related documentation is accurate, up-to-date, and accessible.
• Training and Awareness:
• Develop and deliver training programs to increase awareness of IT controls and risk management practices among staff.
• Foster a culture of continuous improvement and proactive risk management within the IT department.
• Support Audit Activities:
• Facilitate internal and external IT audits by providing necessary documentation and support.
• Ensure timely resolution of audit findings and implementation of audit recommendations.
• Act as a liaison between auditors and IT teams to ensure clear communication and efficient audit processes.

Education

• Bachelor's Degree: A bachelor's degree in computer science, information technology, business administration, or a related field is required.
• Certifications: Relevant certifications such as Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified Risk and Information Systems Control (CRISC), or ITIL (Information Technology Infrastructure Library) are preferred.
• Advanced Degrees: A master's degree in business administration, computer science, or a related field is preferred but not mandatory.
• Language Proficiency: Proficiency in English is essential for effective communication with team members, stakeholders, and external vendors.

Experience

• At least 5 years of experience in IT operations, internal controls, risk management, or a related field.
• Leadership and Managerial Experience: Proven experience in a leadership or managerial role within IT operations or risk management.
• IT Operations and Risk Management: Demonstrated ability to develop and oversee IT control frameworks, policies, and procedures to ensure compliance with regulatory requirements and industry standards.
• Technical Skills: Strong technical background with hands-on experience in designing, implementing, and managing IT infrastructure, including servers, networks, storage, and cloud environments.
• Regulatory Compliance: Experience with compliance standards and frameworks such as ISO 27001, NIST, and GDPR.
• Audit Support: Proven experience in supporting internal and external IT audits, including preparing documentation and addressing audit findings.
• Analytical and Problem-Solving Skills: Strong analytical skills and the ability to identify, assess, and mitigate IT risks effectively.
• Communication Skills: Excellent communication and interpersonal skills with the ability to liaise effectively with stakeholders at all levels of the organization.
• Certifications: Relevant certifications such as CISA, CISSP, CRISC, or ITIL are preferred.
• Team Leadership: Strong leadership and team-building skills, with the ability to mentor and guide technical staff to achieve performance goals and objectives.

Functional Competencies