INFORMATION RISK ANALYST

Directorate:
Information Technology and Continuous Improvement
Work place:
Uralsk
Contract type:
Permanent
Shift pattern:
5/2
Posted on:
17.01.2024
CV submission deadline:
27.05.2024

Education and work experience:

  • Bachelor's degree in Computer Science, Information Technology, Information Security, Cyber Security or a related field.
  • 2 or more years of paid work experience in IT, Cybersecurity or a related field, of which 1+ years are in IT Audit, Information Risk Management (IRM), Infrastructure, Telecom or Application Support; experience may be concurrent.

Main functions:

  • Run and maintain the Cyber and Information Risk Management (IRM) functions and operations in line with KPO Strategy and KPO Cyber Security Strategy. Maintain and communicate the information risk management processes and reports.
  • Design, develop and implement processes and tools for IT Governance and Standards, Risk and Controls management, Line of Defence 2 (LOD2) Assurance and Audit support.
  • Design and implement a Compliance Assurance function for KPO IT that oversees the identification of IT risks and the design of controls for monitoring those risks, and collaborates with Line of Defence 1 (LOD1) teams in the Cyber Defence Section and IT&T sections to operate these controls.
  • Maintain an assurance process to monitor control operations using various control testing mechanisms and report control operations compliance to Cybersecurity Management on quarterly, half-yearly and annual timelines. Operate a findings management process to monitor all control deviations, audit findings and oversee finding remediations with ownership from LOD1.
  • Build and run information security risk and compliance management that aligns with business goals and protects the confidentiality, integrity and availability of KPO Digital and Information assets.
  • Identify, analyse and assess information risk and compliance scenarios. Work with the Information Risk Section Head to plan and execute the day-to-day activities of IT audit and assurance engagements. Help coordinate internal and external audits for the areas of Information Security and Cyber Security.
  • Scrutinize Line of Defence 2 (LOD2) assurance testing and support audits (internal/external) of the Company's systems. Ensure compliance with statutory, regulatory and policy requirements for information and cyber security, industry standards and best practices.
  • Conduct independent reviews to assess the effectiveness of processes and controls and the overall compliance with the organisation's Cyber Security frameworks and policies. Test and verify cybersecurity-related products (systems, hardware, software and services), functions and policies, ensuring compliance with guidelines, standards and regulations.
  • Educate key stakeholder groups across the Company on technology risk management practices, and implement and consult on those practices with them.
  • Design standards and policies for KPO IT and Cyber Defence in close collaboration with the Enterprise Systems Architect and the IT&T Manager. Ensure that adequate controls are designed so that KPO adheres to all IT standards and policies. Periodically review standards and policies with consensus from key stakeholders.
  • Make proposals for the continuous improvement of Information Risk Management. Provide support in the identification and evaluation of risks, particularly when evaluating the risks and controls of Core-critical and critical systems and applications using a formalized risk management methodology.
  • Provide education and advisory services to application, system and data owners on Information Risk Management and Compliance. Maintain Information Security Risk Management and Compliance data repositories.
  • Maintain the Third-Party vendor risk management process for all Information Technology vendors and Third-Party contractors, including reviewing assurance reports and, where required, securing a right to audit during the contract phase when onboarding a vendor.
  • Monitor, test and evaluate cybersecurity standards and controls' effectiveness.
  • Implement a risk-based assessment process to better classify Digital assets within KPO. Implement a Business Impact Assessment (BIA) to grade Digital assets (High, Medium, Low). Operate a regular control to review the BIA ratings of key Digital assets and update them as required.
  • Support the Information Risk Section Head in the findings management process (External and Internal Audit, LOD2 Assurance testing, etc.) for KPO. Help identify a suitable tool to centrally monitor all findings from the various assurance sources. Monitor findings against their remediation deadlines. Review remediated findings by performing due diligence on the evidence provided.
  • Perform other instructions of management, the line manager or direct superior within the scope of the role's competence.

Necessary knowledge and skills:

  • Mastery of English is an advantage in this role.
  • Knowledge of common information security management frameworks, such as ISO/IEC 27001 and those of the National Institute of Standards and Technology (NIST).
  • Understanding of information technology systems, including operating systems, telecommunications, databases, applications, system dependencies and interactions, etc.
  • Cybersecurity education programme development, training standards, methodologies and frameworks.
  • Cybersecurity recommendations and best practices. Cybersecurity controls and solutions.
  • Cybersecurity related laws, regulations and legislations.
  • Knowledge of Information risk management, including risk identification, risk mitigation, findings management and testing methodologies.
  • In-depth knowledge of Information Security, Information risk management, Risk mitigation and remediation, and Infrastructure Protection tools and processes.
  • Prior hands-on experience of IT Audit would be beneficial.