Government of Jamaica

You are here

IT RISK ANALYST

JOB PURPOSE

Under the supervision of the Manager - IT Risk Management & Compliance, the Senior IT Risk Analyst has responsibility for executing various risk management processes to ensure that risks are managed in accordance with the overall risk management strategy.  This includes conducting risks and business impact assessments; developing risk treatment plans; and coordinating the development/testing of the company’s disaster plan and business continuity plans.  This position also assists in the development of IT Security and Risk management policies, procedures, standards; and coordinating security awareness activities.

Core Responsibilities:

•Develops policies, processes, and procedures for identifying, assessing, and mitigating risks to information assets, personnel, facilities, and equipment

•Provides  input to policies, plans, procedures, and technologies to balance the level of risk associated with benefits provided by mitigating controls

•Participates in the development of information security policies, standards, supporting guidelines and procedures, ensuring alignment with company objectives and appropriate standards 

•Develops  and recommends disaster avoidance strategies and impact reduction strategies

•Lead business impact assessments to determine recovery requirements

•Coordinates all aspects of actual recovery plan implementation and efforts, including initial emergency response, recovery procedures, and business resumption processes

•Develops  business continuity training content for inclusion in on-going security awareness  training

•Develops disaster recovery procedures for the restoration of mission-critical business applications in the event of natural disasters, technical failures, power outages, and human interference

•Executes comprehensive testing  of  business continuity/disaster  recovery processes  to ensure alignment  with business requirements    

•Conducts threat and vulnerability assessments and recommends appropriate mitigating actions based on the level of risk.

•Enforces compliance with the vulnerability management processes

•Ensures that vulnerabilities are tracked to remediation or acceptance by the business and IT owners.

•Maintains awareness of security threat information.

•Conducts risk assessments and business impact analyses to identify vulnerable areas within the company’s critical functions

•Identifies risk/functionality trade-offs, and work with stakeholders to ensure that risk management implementation is consistent with the company’s risk policy and posture.

•Ensures compliance activities are performed and/or implemented to achieve agreed  Compliance objectives

•Ensures that standards and guidelines are followed, or that proper, consistent accounting or other practices are being employed

•Develops methods to monitor and measure risk, compliance, and assurance efforts

Provide an accurate technical evaluation of the software application, system, or network, documenting the security posture, capabilities, and compliance with relevant standards.

•Develops  security awareness and training policy and programme

•Develops training content for inclusion in on-going security awareness training and train staff members

•Assesses the security awareness and training programme to ensure that it meets stakeholder needs, is effective and covers current IT security issues and obligations

Requirements:

•Bachelor’s Degree in Computer Science or equivalent.

•Minimum of four (4) years’ experience in IT Risk Management, IT Security, or related field.

•Previous technology experience preferably as a DBA , Systems Administrator or IT Security Auditor

•Information risk management certification, such as CRISC or equivalent, is desirable

Desired Competencies:

•Good oral and written communication skills

•Excellent analytical, conceptual and problem-solving abilities

•Ability to work under pressure, in a target driven environment

•Able to work collaboratively with others to provide a high quality service

•Goals and results oriented

•Ability to concentrate for extended periods

•Good planning and organizing skills

•Good interpersonal skills

Applications should be sent no later than January 26, 2018 to:                     

Director – Human Resource Management & Administration

eGov Jamaica Limited

P.O. Box 407

Kingston 6

or email: recruitment@egovja.com

We thank all applicants for their interest these career opportunities.  Please note, however, that only shortlisted candidates will be contacted.