Technology Risk Management IT Audit Analyst (CISSP or CISA Preferred)

Responsibilities:

Operational Support & Reporting

·        Prepare project status reports, management reports, and dashboards for all scope areas (projects, operations, risk, vendor management).

·        Deliver ad hoc reports for urgent leadership decisions and audits, ensuring clarity, accuracy, and actionable insights.

·        Track operational metrics (e.g., SLAs, incident/defect rates, lifecycle KPIs) and provide insights for decision-making.

·        Maintain reporting cadences and data quality standards; automate recurring reports where feasible.

·        Support process standardization and governance across technology operations, including documentation, templates, and SOPs.

Audit & Risk Management

• Manage internal and external audits and reviews, including GRC updates, RFIs, and audit observations.
• Provide risk oversight and governance for technology domains.
• Lead audit readiness activities: evidence management, engagement coordination, remediation tracking, and closure.
• Monitor risks and track resolution of issues from breaches, incidents, reviews, and inspections; ensure timely updates and escalations.
• Maintain knowledge artifacts: playbooks, control catalogs, FAQs, and micro-learning content.
•  

Digital Workplace & Vendor Management

• Oversee TPRA, vendor management, BCM, annual KRCSA, and risk reduction initiatives.
• Manage technology asset lifecycle (hardware, software, licenses): refresh planning, obsolescence tracking, and decommissioning.
• Coordinate procurement operations and vendor/contract enablement: intake, sourcing, onboarding, renewals, and compliance.
• Partner with Vendor Management to track performance, SLAs, and contract obligations; support third-party risk assessments.

Technology Governance & Vulnerability Management

• Oversee vulnerability management, remediation, and ISRA renewals.
• Liaise with application domains on ORSA submissions, including obsolescence scope, budgeting, and delivery timelines.
• Act as liaison for Tech Obsolescence task force and provide reporting.
• Manage RTB Capex projects: budget tracking/approval, memo approvals, and escalation handling.

Key Deliverables

• Management reports and dashboards for leadership and governance (including ad hoc requests).
• Operational reporting with actionable insights.
• Governance dashboards and risk reduction plans.
• Compliance evidence (audit reports, remediation tracking, certification renewals).
• Security assessment reports and vulnerability test results.
• Lifecycle and obsolescence compliance validation.
• Procurement documentation and vendor performance tracking.

Requirements:

Core Skills & Competencies

·        Operational Reporting: KPI design, data quality, dashboarding, storytelling with data.

·        Risk & Controls: Control design/effectiveness, risk assessments, issue management.

·        Audit Readiness: Evidence management, walkthroughs, remediation tracking, stakeholder coordination.

·        Process Governance: SOP creation, standardization, continuous improvement.

·        Vendor & Asset Management: Lifecycle planning, procurement coordination, third-party risk awareness.

·        Stakeholder Management: Cross-functional orchestration, facilitation, conflict resolution.

·        Tools: Power BI, Excel (advanced), Jira, SharePoint/Confluence.

Education:

·        Bachelor’s degree in a relevant discipline (CS, IT, Info Systems, Cybersecurity, Engineering)

·        Preferred: Enhanced Credentials: Industry-recognized certifications such as CISA, CISM, CISSP, etc)

·        At least 8-12 years’ relevant experience preferably in a Finance Institution.

Essential:

Experience

8–12 years in technology operations, risk/governance, or PMO support roles within banking or large enterprise environments.

1. Operational Reporting & Data Analysis

·        3–5 years’ experience in preparing management reports, dashboards, and KPIs.

·        Strong ability to interpret complex operational data and present it in a clear, concise, and actionable format.

·        Experience with ad hoc reporting under tight timelines for senior leadership.

2. Risk & Audit Management

·        Hands-on experience in audit readiness, evidence management, and remediation tracking.

·        Familiarity with risk frameworks, issue management, and compliance processes.

·        Exposure to GRC tools and regulatory requirements in technology or banking environments.

·        CISSP or CISA certification preferred

3. Vendor & Procurement Management

·        Preferably with experience in vendor lifecycle management, including onboarding, renewals, and performance tracking.

·        Knowledge of procurement processes, contract compliance, and third-party risk assessments.

4. Technology Lifecycle & Governance

·        Understanding of technology asset lifecycle (hardware, software, licenses), refresh planning, and obsolescence tracking.

·        Experience supporting vulnerability management and compliance validation.

5. Tools & Technical Skills

·        Proficiency in Power BI, advanced Excel (pivot tables, macros), Jira, and SharePoint/Confluence.

·        Ability to automate recurring reports and maintain data quality standards.

6. Stakeholder Management

·        Experience working in cross-functional teams and managing multiple priorities.

·        Strong communication skills for presenting data to senior leadership.

Key Domain/ Technical Skills:

·        Proficiency in Power BI, advanced Excel (pivot tables, macros), Jira, and SharePoint/Confluence.

• Ability to automate recurring reports and maintain data quality standards

·        CISSP or CISA certification preferred