Job Description
Job title/position: Information Risk Analyst
Number of positions: 1
Reports to: Africa Chief Information Security Officer
Function and Business Unit: Central Services Unit – Risk Management
Description of the role and purpose of the job: Responsible for assisting the Security Governance Manager with Information Security Governance and Compliance related activities across the Africa Cluster. The Information Risk Analyst will be responsible for assisting with and conducting Information Security Risk Assessments, Information Protection Audits, risk remediation tracking, security policy and standard reviews, and implementation tracking.
Key performance areas and key performance indicators:
Conduct Information Security Risk Assessments
· Conduct risk assessments of new and existing technology solutions
· Update and maintain Technology Risk Assessment registers ensuring completeness and accuracy
· Assist the sub-cluster Security Liaisons with completion of Information Security Risk Assessments
Manage Internal and External Audits
· Assist with the co-ordination and completion of Internal Audit planning, preparation, and execution
· Assist with the review of proposed risk treatment plans
Manage remediation action plans
· Assist with the review and implementation of audit finding remediation actions
· Assist with monthly status report of Information Protection related remediation actions to the Africa CISO
Management of Information Security Client Questionnaires
· Completion of information security related client questionnaires
· Provide assistance to the Africa sub-cluster Security Liaisons with completing client questionnaires
Management of client and third-party contract reviews
· Review of information security related clauses in client contracts
· Assist the Africa sub-cluster Security Liaisons where required
· Provide input into annual contract review process
Management of Compliance Reviews
· Assist with annual information security compliance review programme for the Africa Cluster
· Assist with monthly status reports to the Africa CISO
Policy and Standards Implementation
· Review and assist with the implementation of new or changes to information security policy and security standards across the Africa cluster
Support the implementation of CISO related Projects and other team initiatives
· Where required, assist with the implementation of information protection related projects across the Africa Cluster
Minimum requirements (Desired qualifications and experience)
· 2 years’ experience in Information Security Governance and Compliance
· Related Degree would be preferred
· Industry recognized qualifications such as ISO27001 Practitioner would be preferred
· Professional certification preferred: CISA
· Demonstrated knowledge of Information Security Governance and Risk Management
· Practical work experience in Information Security Governance, including risk treatment, analytics, policy and security standard review
· Demonstrated knowledge of information security risk assessment processes and principles
· Demonstrated experience in Information Security Audits
Core competencies (attributes)
· Attention to detail and ability to adapt to changing environments
· Able to work independently and as part of a team
· Ability to cope with high stress environments
· Ability to analyse and interpret information
· Ability to organise, manage and prioritise multiple tasks and work under pressure
