Principal Analyst - IT Risk and Governance

Location
Harare

Expiration date: 30 May 2025

Duties and Responsibilities


  • Review the frameworks in place for IT Governance, Information Security, Data Privacy and IT Service Continuity for sustained effectiveness and alignment to leading practices.
  • Participate in the development and implementation of Information and Technology governance frameworks and policies to ensure alignment with business objectives and regulatory requirements.
  • Ensure continuous compliance with international Information Security, Information & Technology Governance standards and local regulatory requirements (ISO 27001, National Institute of Standards and Technology, the Data Protection Act) through policy updates and periodic reviews.
  • Monitor compliance adherence across the Software Development Life Cycle (SDLC) through onsite reviews and automated compliance checks in DevOps pipelines.
  • Ensure that outstanding IT Audit findings (internal and external audit findings) are constantly followed up on and driven to resolution.
  • Oversee the reporting and analysis of IT risk incidents, investigate their root causes, and ensure corrective actions are implemented.
  • Perform continuous and independent risk analysis using automated tools to detect security misconfigurations or non-compliance in cloud, on-prem, and hybrid IT environments.
  • Evaluate the effectiveness of Security risk assessments being executed by the Information and Cyber Security function, perform gap-analysis, and ensure remediation in liaison with the IT and Cyber Security Services team.
  • Perform third-party vendor risk assessments and drive security improvements across partnerships.
  • Enhance resilience by providing oversight on business continuity and disaster recovery plans and ensure regular testing is conducted.
  • Evaluate the adequacy and effectiveness of safeguards protecting sensitive Company information and drive information security awareness initiatives.
  • Collaborate with IT architects to design resilient security frameworks that align with best practices.
  • Conduct regular training and awareness sessions (in person, virtual or training material) regarding IT risk management and the roles the various parties play in the management of IT Risk.
  • Prepare Risk Management Reports, dashboards and presentations for Board and Executive Committees.


Academic Qualification, Experience and Attributes


  • Bachelor’s degree in relevant disciplines such as Computer Science, Information Systems and Computer Engineering.
  • A master’s degree in a relevant discipline will be an added advantage.
  • Relevant professional certification in CISA, CRISC, CISM, CISSP and CIA is a must.
  • Minimum of 6 years’ experience in IT Risk and Governance with experience in ISO 27001:2022 audits, security risk assessments, information governance, data privacy, security awareness, or cybersecurity maturity assessments.
  • Experience in governing internal controls in technology governance for any large enterprise.
  • Excellent managerial skills.
  • The ability to think critically, assess and quantify technology risk, document complex processes and collaborate effectively with cross-functional stakeholders is required.
