Information Risk Analyst in IT Business Risk and Controls Team

Application period has expired.

The IT Business Risk and Controls (ITBRC) team is part of Group Information Security department with colleagues located in Denmark, Lithuania and India. As Information Risk Analyst, you will be assigned to very interesting tasks that primarily includes support the IT Security and Risk Assessment process. Your work will be exciting and challenging because you will be able to touch on various technologies, work with variety of different stakeholders and support improvements all over the bank.

We are looking for Information Risk Analysts, who will work as part of the ITBRC team to mature IT Security and Risk Assessment service provided by the team, work very closely with Group IT teams to achieve shared goals in terms of IT security. You will contribute to the team by providing the improvements to the existing services and the way how are things being done at the moment, so that further maturity and efficiency would be achieved.

As part of your role, you will actively participate in discussions and provide your inputs to narrow down and agree on process scope, improvements and required artefacts (e.g. in scope/out of scope technologies or domains, controls, sufficient evidence requirements etc.

You will:

• Act as liaison for internal management
• Review and analyse IT Security & Risk Assessments
• Review group wide controls, evaluate the adequacy of system controls and recommend improvements
• Review and analyse the control structure, perform walkthrough and testing procedures, document testing results and communicate results to the process owners
• Evaluate the adequacy and timeliness of management’s response and the corrective action taken on recommendations
• Perform other BAU duties as assigned

About you:

• Education in IT engineering or equivalent
• Preferred 3+ years of experience with Information Security, IT Risk Management.
• Good knowledge of IT Risk and IT Control Management processes
• Professional qualifications: CISA, CISM, CISSP, ITIL (advantageous, but not required)
• Experience with various operating systems, applications, network management technologies, database management systems and information security in general
• Basic understanding of IT technology and operations, which can be used in a risk, security and quality context
• Experience in using Service Now toolset
• Good understanding of IT security principles
• Understanding of NIST and ISO standards
• Ability to evaluate business processes and IT technology, identify IT risks, evaluate controls and propose improvements
• Ability to liaise with individuals across a wide variety of operational, functional and technical disciplines and successful communication with people at all levels of the organization

We are growing and looking for reinforcement to our organization.
Up for a challenge?
Apply or reach out to me if you have any questions.

Edita Navicke, Talent Acquisition Consultant

Application period has expired.

If you are interested, please send your CV in English no later than 05.06.2020. Confidentiality guaranteed.

Your title in job contract will be Officer - Business Risk and Controls.