IT Risk & Assurance Job Description
IT risk & assurance
provides guidance and direction to ensure IT and Corporate security policies and procedures meet defined industry best practices.
IT Risk & Assurance Duties & Responsibilities
To write an effective IT risk & assurance job description, begin by listing detailed duties, responsibilities and expectations. We have included IT risk & assurance job description templates that you can modify and use.
Sample responsibilities for this position include:
Apply Regulatory Standards, including FFIEC, COBIT, ISO, NIST, and PCI
Act as a risk liaison to IT
Apply risk management processes to identify risk findings, enable control evaluation, recommend solutions, validate remediation plans, facilitate implementation and residual risk acceptance
Lead and coordinate risk mitigation projects
Communicate policies to ensure IT risk mitigation processes are effected
Develop metrics and measurement systems that identify weaknesses in controls
Recommend appropriate risk analysis tools
Track, compile and review materials for external and internal IT audit/regulatory and compliance incident
Investigate and accurately record and report on the details of data privacy and fraud incidents
IA processes, control evaluations and testing methodologies
IT Risk & Assurance Qualifications
Qualifications for a job description may include education, certification, and experience.
Licensing or Certifications for IT Risk & Assurance
List any licenses or certifications required by the position: CISA, CIA, CA, CPA, CBCP, CISM, CISSP, CGEIT, CIPP, CFE
Education for IT Risk & Assurance
Typically a job would require a certain level of education.
Employers hiring for the IT risk & assurance job most commonly would prefer for their future employee to have a relevant degree such as Bachelor's and Master's Degree in Computer Science, Information Systems, Business, Engineering, Accounting, Finance, Graduate, Information Technology, Management Information Systems, Business/Administration
Skills for IT Risk & Assurance
Desired skills for IT risk & assurance include:
COBIT and COSO and Sarbanes Oxley legislation and impact
HIPAA
Relevant software and procedures
Safe Harbor Privacy Rules and other regulations
ISO
Alternatives
Auditing and industry standards
COBIT
Current IT environment and industry IT trends to identify the engagement and client service issues
Cyber security protocols and industry best practices
Desired experience for IT risk & assurance includes:
Bachelors degree in Information Systems/Accounting or related discipline
Knowledge of security and controls of ERP applications
CISA certification required, CISSP, CPA preferred
2 to 5 years of experience in IT Audit
Strong critical thinking and problem solving skills, ability to piece together the ‘big-picture’ (vision/strategy, forward thinker)
Ability to express views/opinions clearly both orally and in writing [strong work paper documentation skills
IT Risk & Assurance Examples
1
IT Risk & Assurance Job Description
Job Description Example
Our growing company is looking to fill the role of IT risk & assurance. We appreciate you taking the time to review the list of qualifications and to apply for the position. If you don’t fill all of the qualifications, you may still be considered depending on your level of experience.
Responsibilities for IT risk & assurance
- Making sure that compliance activities are scheduled and actioned across ITS
- Own roadmap and proactively identify and improvements in control and Assurance activities
- Manage IT assurance work for Client questionnaires
- Provide MI and Reporting of the effectiveness of Control activities for different stakeholders
- Run a risk and control meeting for control owners to ensure a consistent approach
- Provide oversight and coordination of BCM plans for IT Staff
- Work with Risk Function to ensure that monitoring of controls is undertaken across a control landscape
- Develop the IT processes within the risk GRC system and ensure IT adoption
- As a member of the IT leadership team, play a key part in developing the IT strategy to support the overall business strategy, delivering this through effective operational planning and execution to meet agreed goals
- Undertake high level research, horizon scanning and analysis to identify future governance and regulatory trends and assess applicability to support IT and business objectives
Qualifications for IT risk & assurance
- Postgraduate qualification (relevant to Service Area / Business Management)
- Minimum of 8 years of technology risk management and information security experience
- 3 years of experience in building and leading high performing teams
- Experience in leading information security and risk management teams and initiatives within large, complex health care organizations
- Proven track record and experience in developing information security policies, procedures
- Experience with managing GRC systems, workflow management, analytics and reporting platforms
2
IT Risk & Assurance Job Description
Job Description Example
Our innovative and growing company is hiring for an IT risk & assurance. Thank you in advance for taking a look at the list of responsibilities and qualifications. We look forward to reviewing your resume.
Responsibilities for IT risk & assurance
- Act as the senior point of contact for all audit and compliance related activities
- Establish clear strategic paths for all aspects of the services both within the immediate area of influence and for the IT department as a whole
- Responsible for the successful day to day operations of the area of responsibility within the IT function, and for successfully integrating these activities within the overall function
- Implement change to drive better engagement, efficiency and collaboration across the team to maximise outcomes for our department and for the organisation as a whole
- Develop the IT team professionally through being a role model and providing guidance, coaching and associated performance management to maximise performance and engagement
- Ensure hiring, performance management, development, career progression all take place effectively in alignment with organisational guidelines and processes
- Influence locally based colleagues and global counterparts, creating trusted relationships and driving higher levels of engagement with our colleagues and customers
- Act as mentor to junior members of the team, including those outside of the department where possible, to drive collective positive influence on career development across the division and company
- Maintain a portfolio of all items within your area of responsibility ensuring all components have a clear development roadmap, risk status, and clearly documented support and maintenance support agreements and arrangements
- Establish relationships with third party suppliers and support organisations to ensure that all aspects of the service are supported effectively and efficiently
Qualifications for IT risk & assurance
- Preference for professional certification (e.g., CISA, CISSP)
- Experience with Lean IT and Kanban principles and their application within Information Security programs
- Experience with the development, implementation and integration of IT risk management platforms
- Experience with both quantitative and qualitative risk analysis models and approaches
- Experience with ITIL, Lean and Kanban and delivery of risk management, security and audit as a service
- Ability to lead and motivate cross-functional, interdisciplinary teams
3
IT Risk & Assurance Job Description
Job Description Example
Our company is searching for experienced candidates for the position of IT risk & assurance. We appreciate you taking the time to review the list of qualifications and to apply for the position. If you don’t fill all of the qualifications, you may still be considered depending on your level of experience.
Responsibilities for IT risk & assurance
- Ensure regular risk reviews take place for your areas of responsibility and clear mitigation plans are maintained in order to de risk any potential issues and minimise impact or potential degradation to business operations
- Ensure adherence to and improvement of processes and procedures relating to analysis, design, development, implementation, configuration and full life cycle management
- Oversee sustainment and development budgets for own area and support the overall departmental goals, through a clear practitioner level understanding of the financial governance processes
- Act as sponsor on major projects and programmes being delivered, ensuring the necessary delivery and governance processes are effectively met
- Assist the wider business with developing and delivering business propositions that rely on technology based solutions, attracting and obtaining major new program business where possible
- Act as a role model and mentor to other members of the team to drive collective positive influence on diversity and inclusion and career development across the organisation
- Manage the Policy and Process Framework, Annual Business Planning Cycle, Departmental Risk Registers, Project Review Boards and
- Establish, develop and manage the Security & Risk Forum
- Contribute to developing an environment of openness, trust, engagement and contribution within the IT team and wider community
- Lead IT Risk & Control Quality Assurance and ensure effective embedding of the ORCM framework across IT Shared Services
Qualifications for IT risk & assurance
- CISA preferred, or desire to obtain certification
- Networks(Technical)
- 3 – 5 years of experience in an auditing role
- Member of a small global audit co-ordination team within the IT Risk and Assurance function
- Responsible for co-ordination of all IT audits in North America and other International territories as requested
- Work with control owners and other key stakeholders to prepare for IT audits, internal and external
4
IT Risk & Assurance Job Description
Job Description Example
Our growing company is looking for an IT risk & assurance. We appreciate you taking the time to review the list of qualifications and to apply for the position. If you don’t fill all of the qualifications, you may still be considered depending on your level of experience.
Responsibilities for IT risk & assurance
- Use insight and SME opinion to effectively challenge data relating to IT ORCM deliverables - RCSAs, Issues and Actions, Controls, Risk Events – IT Shared Services
- Influence IT teams to ensure improvement action is taken in a timely manner
- In addition to performing standard IT Risk QA processes, identify additional themes for ‘deep dive’ assurance activities as appropriate
- Engage and coach Risk Owners, Control Owners and Issue owners on IT ORCM framework best practices to ensure consistency and correct accountability
- Contribute to Global IT Risk & Assurance reporting through the delivery of insights from IT Shared Services
- Make recommendations, as appropriate, to enhance the IT Risk Quality Assurance process
- Use insight and SME opinion to effectively challenge data relating to IT deliverables - RCSAs, Issues and Actions, Controls, Risk Events - for International Markets
- Work with IT teams to build understanding, coach on enhancing the robustness and clarity of content, ensuring the customer impact of IT Risks is clear
- Engage and coach Risk Owners, Control Owners and Issue owners on IT best practices framework to ensure consistency and correct accountability
- Contribute to Global IT Risk & Assurance reporting through the delivery of insights from International markets
Qualifications for IT risk & assurance
- Work with the internal and external audit teams to agreed detailed audit schedules and walkthroughs
- Prepare for and co-ordinate IT Audits including briefing of attendees, attendance at meetings, co-ordination of scheduling and review of management responses
- Provide insight into audit findings and coach others through the development of remediation plans
- Facilitate the development and documentation of controls in response to issues raised by audit
- Provide appropriate challenge to both Internal and External auditors
- Follow up open Audit points and work with the wider IT team to resolve
5
IT Risk & Assurance Job Description
Job Description Example
Our company is growing rapidly and is looking for an IT risk & assurance. If you are looking for an exciting place to work, please take a look at the list of qualifications below.
Responsibilities for IT risk & assurance
- Deliver high quality and actionable insight from Quality Assurance activities that leads to action
- Identify key operational risk exposures and ensure appropriate visibility to senior management, up to and including the Group CIO
- Build trusted relationships across the International markets, including CIOs and market Risk leads
- Delivery of cross-market working practices and effective utilisation of own SME knowledge and the knowledge / capacity of the wider IT Risk team to maximise coverage of assurance
- Develops and maintains policies, standards, processes, and procedures to assess, monitor, report, escalate and remediate cyber risk while maintaining corporate compliance with mandated security regulations
- Assesses and reviews security and controls to ensure sustainable regulatory compliance
- Develops processes and monitoring to identify, quantify, analyze, and report risk and compliance status
- Coordinates cyber risk management efforts including identification, assessment, tracking and resolution of risk management activities across all levels of the organization
- Assists with training, including training material development and deployment to ensure that compliance and risk becomes a sustainable business practice
- Gathers and prepares documentation to support audits, self-assessments, data requests, etc
Qualifications for IT risk & assurance
- Status reporting and MI for senior stakeholders
- Support selection of appropriate tooling solutions
- Deputize for the Senior IT Risk and Assurance Lead/Audit Co-ordination Global Manager in respect of audit planning and co-ordination as required
- Hands on experience of executing an IT Audit – ideally as an IT Auditor
- Understanding of SOX and the nature of a SOX Audit
- Experience of non-SOX IT Audits including project, governance and operational