Job Description
Information Governance and Security (IGS)

The IGS function within the Discovery Group aims to provide assurance that the organisation’s information assets are adequately protected against threats on a continual basis. This is achieved by finding the right balance of information security and business freedom.

Key Purpose

• The Information Security Risk and Assurance Analyst is responsible to assist the Assurance team with implementing and maintaining risk and assurance activities, in accordance with policies and standards set by Group Risk Management (GRM). This caters to technology assurance, information privacy assurance, security assurance and quality management across IGSs remit, within Group Information Services (GIS). Accurate, complete and relevant reporting is a key function of this role.

Areas of responsibility may include but not limited to

• Coordinate, communicate and facilitate risk activities such as risk meetings, workshops and reviews in alignment with the GRM frameworks.
• Execute on the required risk management practices such as detailed risk assessments, reviews, Process Control Self-Assessments (PCSAs), Key Risk Indicators (KRIs), dispensations, action plan monitoring and maintaining risk data in the risk system.
• Manage and perform risk reporting in line with reporting cycles. Identify practical solutions to address control weaknesses and process deficiencies. This is to assist with ensuring that the mitigation action plans are appropriate for the risks and that risks are managed within agreed limits and thresholds.
• Perform data analysis to support findings and corroborate reporting.
• Collaborate with stakeholders across GIS in ensuring that reviews are performed; and timely and accurate feedback is obtained.
• Propose and implement initiatives to improve the risk maturity of the risk management function.
• Provide guidance and training to business as required.

Personal Attributes and Skills

• 3+ years of experience in the Information Risk and Security fields.
• Experience in IT risk management, IT audit, IT regulations and Cyber Security.

Education and Experience

• BCom Informatics/BSc in Information Systems or Computer Science or related degree (advantageous).
• Certified Information Systems Auditor (CISA) or Certified in Risk and Information Systems Control (CRISC) (preferred).
• Studying towards a risk qualification.
• COBIT, ITIL, NIST and Risk Management frameworks.
• Objective reporting and attention to report writing.