The IT Controls Analyst operates within the First Line of Defense to implement the Enterprise Risk Management Framework, ensuring compliance with regulations, corporate standards, and company policies.

Through the execution of a defined risk and control self-assessment program, the analyst analyzes, evaluates, and provides strategic guidance for programs, policies, and procedures, thereby ensuring alignment with regulatory requirements and acceptable risk mitigation practices.

Education:

• Bachelor's degree in IT Risk Management, Information Systems, or equivalent field, or equivalent work experience.
• Master's degree in IT Risk Management, Information Systems, or equivalent field.

Experience:

• More than 3 years of experience in IT technical control testing and IT technical evidence evaluation.
• More than 3 years of experience in IT Risk Management, Internal Controls, Auditing, and Information Security.
• Previous hands-on experience in cyber risk assessment, cybersecurity evaluation, penetration testing, network devices (firewalls/IDS-IPDS), and IT tools.
• Solid knowledge and understanding of risk and control methodologies, including frameworks such as COSO and COBIT.
• Experience conducting reviews of medium- to high-complexity IT processes.
• Ability to independently develop and document test procedures and/or recommendations for modifying test plans to improve the validation of control objectives.
• Extensive experience testing IT controls across multiple domains and evaluating automated and manual controls related to information security or IT infrastructure.
• Strong data analysis skills and the ability to independently develop scripts to collect the data necessary for control testing/assessments. Automation of test procedures whenever possible.
• Ability to perform cross-platform testing (applications, databases,
• operating systems, middleware, monitoring tools, and business processes).
• Independently obtain, review, and interpret evidence to validate the effectiveness of controls and identify vulnerabilities, deficiencies, or failures. Identify risks associated with control failures and support the identification of mitigating controls.
• Ability to accurately document control test results with sufficient detail and minimizing the need for rework.
• Ability to work on multiple simultaneous assessments.
• Ability to create Excel formulas for data analysis.
• Excellent project management skills.

Licenses & Certifications -

• Preferred Professional Certification such as CRISC, CISA, CISSP