IT Governance & Security Analyst

Salary undisclosed

Position Summary:

Responsible for ensuring the organization’s information technology systems are secure, compliant with regulations, and aligned with business objectives.

Job Description

1. Policy Development & Implementation: Establish and maintain IT governance policies and procedures, ensuring they align with the organization's overall objectives and regulatory requirements.

2. Compliance Monitoring: Ensure adherence to industry standards (e.g., ISO 27001, COBIT) and regulatory requirements such as GDPR, HIPAA, or SOX.

3. Risk Management: Identify, assess, and mitigate IT-related risks through risk assessments, audits, and governance frameworks.

4. Alignment with Business Goals: Collaborate with business leaders to align IT strategy with business goals and objectives.

5. Performance Measurement: Establish metrics (KPIs) to evaluate the performance of IT services and systems against governance standards.

6. Audit and Review: Regularly review IT processes, systems, and infrastructure to ensure they meet governance and compliance requirements.

7. Security Monitoring & Incident Response: Monitor networks and systems for security breaches, investigate alerts, and lead the incident response process to mitigate cyber threats.

8. Vulnerability Management: Conduct regular vulnerability assessments and penetration testing to identify and address security weaknesses in systems.

9. Access Control & Identity Management: Manage user access controls, ensuring that only authorized individuals can access sensitive systems and data.

10. Threat Intelligence & Prevention: Stay up-to-date on emerging cybersecurity threats and implement proactive measures to protect the organization's assets.

11. Security Awareness Training: Lead or coordinate training programs to educate employees on security policies, procedures, and practices.

12. Security Audits & Compliance: Conduct security audits and ensure compliance with cybersecurity regulations and frameworks (e.g., NIST, PCI-DSS).

13. Disaster Recovery: Manage IT risk and ensure that the organization has an effective disaster recovery and business continuity plan.