INFORMATION RISK ANALYST

Directorate:
Information Technology and Continuous Improvement
Work place:
Uralsk
Contract type:
Permanent
Shift pattern:
5/2
Posted on:
24.05.2023
CV submission deadline:
17.08.2023

Education and work experience:

  • A bachelor's degree in Computer Science, Information Technology, Information Security, Cyber Security or a related field.
  • 2 or more years of paid work experience in IT, Cybersecurity or a related field, of which 1+ years are in IT Audit, Information Risk Management (IRM), Infrastructure, Telecom, Application support; experience may be concurrent.

Main functions:

  • Run and maintain the Cyber and Information Risk Management (IRM) functions and operations in line with KPO Strategy and KPO Cyber Security Strategy. Maintain and communicate the information risk management processes and reports.
  • Design, develop and implement processes and tools for IT Governance and Standards, Risk and Controls management, Line of Defence (LOD2) Assurance and Audit support.
  • Design and implement a Compliance Assurance function for KPO IT which will oversee identifying IT risks and designing controls for monitoring risks, and collaborate with Line of Defence 1 (LOD1) teams in the Cyber Defence Section and IT&T sections to operate these controls.

Necessary knowledge and skills:

  • Knowledge of common information security management frameworks, such as ISO/IEC 27001 and the National Institute of Standards and Technology (NIST) frameworks.
  • Understanding of information technology systems; knowledge of operating systems, telecommunications, databases, applications, system dependencies and interactions, etc.
  • Cybersecurity education programme development, training standards, methodologies and frameworks.
  • Cybersecurity recommendations and best practices. Cybersecurity controls and solutions.
  • Cybersecurity-related laws, regulations and legislation.
  • Knowledge of information risk management, including risk identification, risk mitigation, findings management and testing methodologies.
  • In-depth knowledge of Information Security, Information risk management, Risk mitigation and remediation, and Infrastructure Protection tools and processes.
  • Prior hands-on knowledge of IT Audit would be beneficial.
  • Knowledge of the English language at an intermediate level or higher.