Principal Analyst - IT Risk and Governance

Location
Harare

Expiration date: 30 May 2025

Duties and Responsibilities


  • Review the frameworks in place for IT Governance, Information Security, Data Privacy and IT Service Continuity for sustained effectiveness and alignment to leading practices.
  • Participate in the development and implementation of Information and Technology governance frameworks and policies to ensure alignment with business objectives and regulatory requirements.
  • Ensure continuous compliance with international Information Security, Information & Technology Governance standards and local regulatory requirements (ISO 27001, National Institute of Standards and Technology, the Data Protection Act) through policy updates and periodic reviews.
  • Monitor compliance adherence across the Software Development Life Cycle (SDLC) through onsite reviews and automated compliance checks in DevOps pipelines.
  • Ensure that outstanding IT Audit findings (internal and external audit findings) are constantly followed up on and driven to resolution.
  • Oversee the reporting and analysis of IT risk incidents, investigate their root causes and ensure corrective actions are implemented.
  • Perform continuous and independent risk analysis using automated tools to detect security misconfigurations or non-compliance in cloud, on-prem, and hybrid IT environments.
  • Evaluate the effectiveness of Security risk assessments being executed by the Information and Cyber Security function, perform gap-analysis, and ensure remediation in liaison with the IT and Cyber Security Services team.
  • Perform third-party vendor risk assessments and drive security improvements across partnerships.
  • Enhance resilience by providing oversight of business continuity and disaster recovery plans and ensuring that regular testing is conducted.
  • Evaluate the adequacy and effectiveness of safeguards protecting sensitive Company information and drive information security awareness initiatives.
  • Collaborate with IT architects to design resilient security frameworks that align with best practices.
  • Conduct regular training and awareness sessions (in person, virtual or training material) regarding IT risk management and the roles the various parties play in the management of IT Risk.
  • Prepare Risk Management Reports, dashboards and presentations for Board and Executive Committees.


Academic Qualification, Experience and Attributes


  • Bachelor’s degree in relevant disciplines such as Computer Science, Information Systems and Computer Engineering.
  • A master’s degree in a relevant discipline will be an added advantage.
  • Relevant professional certification in CISA, CRISC, CISM, CISSP and CIA is a must.
  • Minimum of 6 years’ experience in IT Risk and Governance with experience in ISO 27001:2022 audits, security risk assessments, information governance, data privacy, security awareness, or cybersecurity maturity assessments.
  • Experience in governing internal controls in technology governance for any large enterprise.
  • Excellent managerial skills.
  • The ability to think critically, assess and quantify technology risk, document complex processes and collaborate effectively with cross-functional stakeholders is required.
