IT Risk and Compliance Officer

Job Purpose: The incumbent will be focused on developing, maintaining, and upholding policies to ensure compliance in all areas of IT operations, including internal rules and procedures and external regulations.

Job Purpose:

The IT Risk and Compliance Officer is focused on developing, maintaining, and upholding policies and procedures to ensure GBTI maintains compliance in all areas of IT operations, including compliance with internal rules and procedures and compliance with external regulations. The position is also responsible for the identification and mitigation of IT risks both internal and external to the organization

Key Responsibilities:

-        Responsible for the identification, assessment, escalation, and mitigation of risks related to IT services.

-        Responsible for the development of risk mitigation activities (physical, business, and financial controls) to improve the control environment.

-        Responsible for the development, review, and maintenance of the IT risk register.

-        Prepares IT operational risk management plans.

-        Formulates audit plans to test the operating effectiveness of key controls.

-        Prepares risk management reports when required.

-        Track and monitor IT risks within the organization.

-        Execute IT risk assessments, including evaluation of the security program and periodic penetration testing.

-        Develop and maintain IT risk management methodologies.

-        Establish global threat intelligence processes.

-        Responsible for monitoring legal and legislative compliance requirements.

-        Responsible for maintaining processes and metrics aligned to industry best practices.

-        Monitors compliance with implemented standards.

-        Establish advanced security monitoring and behavioral security analytics programs.

-        Ensure system security is maintained and updated.

-        Oversee network of vendors who secure the company's assets.

-        Develop and review service level agreements with the business area and with vendors, for current operations and new infrastructure projects, defining and maintaining the quality standards of service.

-        Formulates audit plans to test the operating effectiveness of key controls.

-        Assists in the development, testing, and updating of business continuity and disaster recovery plans.

Educational and Experience Requirements 

-        A Degree in Computer Science or related technical discipline

-        At least 3 years experience in an IT security-related role.

Functional/ Technical Requirements

-        ISACA CISA.

-        GIAC Certified Incident Handler.

-        CompTIA Security+

-        Specific certifications in IT security, particularly in technological programs.

-        Knowledge and experience in detailed definition of technical security requirements, heterogeneous security  technologies, and in the design/deployment of complex security processes

-        Strong analytical skills and creativity for developing and deploying security solutions.

-        Knowledge of security tools and deploying security policies using those tools.

-        Knowledge, understanding, and ability to apply ISO 27001 and 27002 frameworks.

-        NIST SP 800-37 R1 Risk Management Framework.

-        Perform risk and vulnerability assessments.

-        Understanding of network and system administration

-        Understanding of PCI compliance requirements

Behavioral Competencies 

-        Attention to detail.

-        Leadership: ability to transfer knowledge and direct people to make decisions and reach objectives

-        Desire to learn new concepts and test new techniques.

-        Knowledge sharing: demonstrate the ability to share knowledge and be proactive in disseminating information to involved parties.

-        Ability to build relationships quickly and should possess a quick analytical mind and a decisive nature.

-        Excellent communication, persuasion, and public-speaking skills for the purpose of winning approval of policies and owning them cradle-to-grave.

-        An understanding of the internal audit process.