IT Governance & Security Analyst
Position Summary:
Responsible for ensuring the organization’s information technology systems are secure, compliant with regulations, and aligned with business objectives.
Job Description
1. Policy Development & Implementation: Establish and maintain IT governance policies and procedures, ensuring they align with the organization's overall objectives and regulatory requirements.
2. Compliance Monitoring: Ensure adherence to industry standards (e.g., ISO 27001, COBIT) and regulatory requirements such as GDPR, HIPAA, or SOX.
3. Risk Management: Identify, assess, and mitigate IT-related risks through risk assessments, audits, and governance frameworks.
4. Alignment with Business Goals: Collaborate with business leaders to align IT strategy with business goals and objectives.
5. Performance Measurement: Establish metrics (KPIs) to evaluate the performance of IT services and systems against governance standards.
6. Audit and Review: Regularly review IT processes, systems, and infrastructure to ensure they meet governance and compliance requirements.
7. Security Monitoring & Incident Response: Monitor networks and systems for security breaches, investigate alerts, and lead the incident response process to mitigate cyber threats.
8. Vulnerability Management: Conduct regular vulnerability assessments and penetration testing to identify and address security weaknesses in systems.
9. Access Control & Identity Management: Manage user access controls, ensuring that only authorized individuals can access sensitive systems and data.
10. Threat Intelligence & Prevention: Stay up to date on emerging cybersecurity threats and implement proactive measures to protect the organization's assets.
11. Security Awareness Training: Lead or coordinate training programs to educate employees on security policies, procedures, and practices.
12. Security Audits & Compliance: Conduct security audits and ensure compliance with cybersecurity regulations and frameworks (e.g., NIST, PCI-DSS).
13. Disaster Recovery: Manage IT risk and ensure that the organization has an effective disaster recovery and business continuity plan.