IT Risk and Controls Analyst

FOR MY CLIENT IN DEN HAGUE, I AM LOOKING FOR AN IT RISK AND CONTROLS ANALYST. IF YOU ARE INTERESTED, THAN PLEASE SEND US YOUR CV IN WORD, IN ENGLISH AT:(see below)

Start 1st of September
Duration 1 year with possible extension afterwards
Rate: market
Full-time on location
Resume in English

The client's Information Risk Management (IRM) function enables and assists in protecting IT systems and infrastructure against information security threats and in meeting legal and regulatory compliance requirements for information assets.

The primary focus for the Risk and Controls Analyst is to perform project reviews and to conduct risk assessments, to ensure effective IT security controls are selected and implemented by IT infrastructure projects. Important aspect of this role is to engage with IT project managers and Infrastructure Service Providers, and to provide assurance of secure solution delivery. The Client is using standardized frameworks for IT project delivery and IT security controls. IT infrastructure projects are traditionally in network and communication, hosting and storage and end-user computing space but more and more projects are delivering cloud based solutions.

This role requires detailed knowledge of risk assessment methodologies, industry security requirements and standards, and IT security control frameworks. Managing project stakeholders and the supplier interface are key to success. Additionally the candidate should have a strong technical background in IT infrastructure, preferably in the area of end-user computing and/or network infrastructure.

Key responsibilities

- Execute IT project reviews - guide projects towards project stage gate sign-offs to ensure projects deliver secure, reliable and compliant IT solutions;
- Undertake risk assessments on IT Infrastructure projects in the area of networks and communication, hosting and storage, cloud and end user computing environments;
- Engage with IT Infrastructure project managers, portfolio owners, service managers and other stakeholders to ensure IT security risk is understood, to select the appropriate IT controls, and to ensure that IT security risks are mitigated and that selected IT controls are implemented by the project;
- Ensure timely, complete and accurate registration of project review records (justifications, sign-offs, risk acceptances) in the appropriate registers and systems;
- Ensure the most significant security risks (technical and non-technical) are identified, and mitigated. In case of residual security risk, ensure risk is accepted and proper handover takes place to relevant stakeholders;
- Ensure that identified and implemented controls are handed over to control monitoring and supplier assurance teams;
- Ensure Information Risk Management control framework is applied for use in infrastructure projects, including scenarios such as outsourced environments and cloud providers;
- Assist with data process adherence and quality improvement initiatives;

Experience & Qualifications

- Minimal Bachelor's degree, preferably with additional recognized security qualification or equivalent to CISSP, CRISC, CISA or CISM.
- Substantial experience in IT service or IT project delivery, ideally in the Information Risk Management area and with an outsourced environment.
- A practical understanding of, and experience with IT infrastructure, architecture and technology solutions would be advantageous. End User computing knowledge and network security domain is considered a plus.
- IT risk assessment experience in various technologies is required.
- An understanding of risk management methodologies, proven capability in analysing IT infrastructure risks and working knowledge on IT security control frameworks (eg, ISO, COBIT, SANS 20)
- Experience in stakeholder management with diverse interest groups including IT project management, IT security, compliance, architecture, service delivery would be a plus.
- Must be comfortable working virtually.
- Strong communication skills in English.