AUDIT & RISK ANALYST - DUBLIN WEST

ICDS RECRUITMENT

  • 24 UPPER FITZWILLIAM STREET
  • DUBLIN 2
  • Job reference number: 15265175
  • Client ID: RI/KR16094
  • Posted on: 10-AUG-2017
  • Salary: NEGOTIABLE
  • Location: DUBLIN WEST
  • Job type: PERMANENT

Audit and Risk Analyst - Dublin West

Department:

Risk, Information Security, and Compliance

Reporting to:

Head of Risk, Information Security and Compliance

Contract Type:

Permanent

Job Scope:

Reporting to the Head of Risk, Information Security and Compliance, the Audit & Risk Analyst is responsible for the assessment of continual improvement of the company's management systems and standards. These include information security, enterprise risk, audits, data protection, and business continuity planning.

Responsibilities:

In this mid-level role, you will be required to:

  • Plan, execute and lead security audits across an organization.
  • Inspect and evaluate financial and information systems, management procedures and security controls.
  • Provide written and verbal reports of audit findings.

The role holder will work in a small operational team and will be responsible for working cross-functionally with all departments, under the guidelines provided by the Head of Risk, Information Security and Compliance, to ensure that all company operational activities are continually assessed to achieve information security and efficiency throughout the business, and that all activities remain compliant with company policy and all relevant legislation.

Audit:

  • Perform internal information security audits, including audits of key external service providers, to ensure that all processes are in line with best practice standards.
  • Provide assistance and support on all internal and external audits (e.g. ISO27001, PCI DSS, GDPR) which relate to Risk, Information Security and Corporate Governance/Compliance.
  • Provide Audit Management Programmes to ensure all follow-up action plans and requests are completed and appropriate mitigation plans are put in place.
  • Conduct analysis of network and endpoint data to identify false positives.
  • Perform technical security audits on the Company IT infrastructure to ensure sensitive data is stored and processed securely (e.g. firewall, server hardening, access control, anti-virus, patch management, vulnerability assessments, incident response etc.).
  • Perform ongoing cyber risk posture reviews of the business as part of the overall Risk Management system.
  • Follow and document from an audit perspective the tests of the BCP and the Disaster Recovery (DR) Plan.
  • To analyse, document and highlight adherence to company Information Security policies.

Risk Assessment:

  • In conjunction with the Head of Department, develop and maintain the Risk Register for the Company.
  • Review and update the information security risk assessment with all key areas of the business.
  • Help to promote an enterprise risk culture across all areas of the business.
  • Provide information security risk support on core services and during new projects implementation.
  • Perform vulnerability tests, interpret and identify the risks.
  • Perform risk assessments of business unit practices against selected Information Security control standards and previous audit results to identify gaps.

Information Security:

  • Be capable of understanding external reports of vulnerability assessments and penetration testing.
  • To carry out Information Security awareness training throughout the business.
  • Provide information security advice to the decision-making process for all major IT infrastructure and operational changes within the business.
  • Provide input on information security policies, standards, baselines, and other related documents, as requested by the Head of Risk, Information Security and Compliance.
  • Help to promote a culture of data security awareness throughout the business.
  • To review and suggest improvements in the information security management system (ISMS).

Other Duties:

- To perform other duties that may be requested from the Head of Risk, Information Security and Compliance.

Requirements:

- Bachelor's degree in Computer Science, Information Security, or a related discipline.

- Some specific experience may be substituted for education at the discretion of the hiring manager.

- Minimum 4-5 years’ experience in audit, risk and information security.

- Knowledge of ISO 27001 and PCI DSS is essential.

- Experience in at least one of the following certifications: CISA, CRISC or CISSP.

- Presentation and communication skills essential.

- Ability to work in a team environment.

- Experience of working within a changing and high-performance environment.

- Ability to work with staff at all levels effectively.

Specific Experience Required:

Information Technology:

  1. Strong understanding of network architecture and the security requirements of complex and interdependent ICT systems.
  2. Experience in managing and supporting Information Security Management systems.
  3. Server and Database hardening experience.

IT Audits:

Must have experience in Physical Audits and Logical Security Audits as well as Network Vulnerability assessment analysis, project management, reporting and delivery.

Experience of dealing with IT Security consultants (management, direction etc.)

Risk Register design, collation and management.

Report writing of both internal and external audit reports and recommendations.

Internal Audit:

IT Management, logical security and physical security audit experience.

Network audit management and experience.

Operations audit experience (business continuity, disaster recovery etc.).

Personal Characteristics

The risk analyst must have a strong:

'Can-do' attitude

Ability to take direction and be a team player

Ability to think outside the box

Business acumen to support customer (internal and external) needs

Ability to work with auditors, regulatory entities and cross-functional teams.

Knowledge of standards such as ISO27001, PCI DSS, GDPR etc.

Knowledge of review and enforcement of policies and procedures.

Ability to perform tasks using automated compliance tools.

Ability to discuss risk issues with senior management.

Ability to monitor for new compliance requirements and effectively articulate to management.

This job originally appeared on RecruitIreland.com