Find a job
← To job search

Senior Technology Governance & Assurance Analyst

Apply now
Role area:
Technology
Contract type:
Full Time
Location:
Cluj - Napoca
Share on LinkedIn

Role purpose:

  • As part of our drive to improve the maturity of Technology governance in PPB, we are looking to assemble a strong team to assist with the implementation, maintenance and improvement of a Technology Governance framework.
  • A key focus of the role is to check that our key Technology governance processes are working correctly and reliably and own and maintain the framework which represents Technology governance in PPB.
  • The candidate should have extensive expertise in either one or both areas of IT service management and security compliance, as the role is required to understand, review and improve processes that span from software development to IT operations and security.
  • As part of the Security Compliance & Assurance function, the role reports to the Technology Governance & Assurance Manager
  • This role is responsible to support and improve the Technology Governance framework:
  • provide guidance to Technology stakeholders on aligning their processes to internal and external expectations.
  • support the representation of technology processes and associated controls to internal and external stakeholders
  • plan and deliver risk-based assurance activities on processes, systems and projects against internal policies/procedures/standards, international frameworks (ISO 27001, ISO 20000, COBIT) and regulatory requirements (GDPR, gambling licensing conditions)
  • present solutions and offer input for solving process deviations identified through assurance
  • support external audits (ITGC audit as part of yearly financial audit, ISO 27001, regulatory audits)
  • Travel is to be expected to our offices from Dublin, London, Porto and Malta

Accountabilities:

  • Develop and maintain the platform used to represent technology processes and controls
  • Maintain the accuracy of information on people, process and technology that make up the Governance framework
  • Provide advisory services to the Technology teams on how to improve their processes
  • Assess the design of processes and effectiveness of controls to validate their compliance or determine in early stage when they deviate from requirements
  • Develop checklists for assessing various Technology & Security areas
  • Focus on key aspects, sample according to complexity and risk (example of key processes: change management, incident and problem management, portfolio management, asset management, security management)
  • Identify vulnerabilities, threats, impacts that derive from discovered issues
  • Assess various mitigations options and propose a optimum solutions
  • Suggest improvements or alternatives to new or existing controls
  • Follow-up till completion the agreed remediation actions
  • Assess the effectiveness of the implemented remediation actions
  • Write assurance programs and assessment reports that are clear, concise and meaningful
  • Write procedures specific to assurance processes
  • Collaborate with and support the Internal Audit function

Key strengths:

  • Inquisitive about processes, controls, dependencies, problems, risks
  • Analytical mind able to filter out meaningful data from large amounts of information
  • Influence stakeholders to support outcomes delivery
  • Think beyond theoretical principles and be able to adapt to an agile environment
  • Deliver within timelines while multitasking
  • Problem resolution
  • Passionate about governance and compliance in technology and security
  • Communicate with ease both in person and using communication tooling (email, voice and video calls) with stakeholders in various hierarchical positions
  • Be flexible, have adaptive approaches depending on situation (when identifying and assessing issues, evaluating mitigations options, following-up on closures)

Competencies:

  • Bachelor’s degree in Computer science or related and minimum 5 years work experience in Technology/Security role
  • Broad understanding of Technology processes and technologies (Agile software development, devops, cloud, virtualization, databases, networking, software development, logging and backup)
  • Broad understanding of security processes and controls (identity and access management, vulnerability management, security monitoring, compliance)
  • At least 3 years in audit and/or consultancy for large companies employing advanced technologies, preferably from regulated environments;
  • Good knowledge of risk management both at an enterprise level and in technology (theoretical and practical)
  • Experience with Technology and Security Governance processes (strategy and objective setting, performance measurement, roles definitions)
  • Knowledge and ease of working with international Technology, security and audit standards
  • Some hands-on experience in either Technology or security is desirable
  • One or more of CISA, CISSP, ISO 27001/ COBIT, ITIL, ISO 20000 – strongly desirable
  • CISM, CRISC, CGEIT, PCI QSA/ISA, CIA – nice to have
  • Good level of spoken and written English (B2) (fluency in English is a must)