
IT Risk & Controls Analyst

Devire

IT Risk & Controls Analyst, mazowieckie

Devire is an international company specializing in recruitment, outsourcing and employer branding services. For more than 30 years, we have represented leading employers on the European market by carrying out comprehensive recruitment projects, implementing the latest solutions in the area of IT services, and helping build the image of the employer of choice.

Our offices are located in Warsaw, Wroclaw, Poznan, Katowice as well as Munich, Frankfurt, Prague and Hradec Kralove.

IT Risk & Controls Analyst

Location: IT Risk & Controls Analyst

Key Responsibilities:

  • Identify, document, and assess information security vulnerabilities and risks in the information technology environment in conjunction with vendor and privacy assessment teams
  • Evaluate identified vulnerabilities and risks, working with business owners, risk management, and IT leaders on assigned projects
  • Identify tasks and controls necessary to remediate identified risks and vulnerabilities; negotiate dates for remediation to be complete
  • Monitor appropriate sources for newly identified vulnerabilities, evaluate the risk such vulnerabilities pose to the organization’s information and systems, and advise management of appropriate measures to eliminate or reduce the organization’s risk or exposure to such vulnerabilities
  • Work with responsible teams to develop mitigation plans and ensure vulnerabilities are addressed and remediated effectively and efficiently, as needed
  • Support internal project development teams to ensure all mandated technical security requirements are met, including adherence to the SSDLC, compliance with required data classification security controls, and other controls required by the information security policy and other procedures or guidelines
  • Ensure privacy, risk and compliance requirements are addressed in project scope and deployment for assigned projects
  • Assist with assigned risk and control activities, such as Logical Security initiatives, access reviews and privacy compliance requirements, tracking issues and action items, and documenting progress across security & risk initiatives
  • Support Security & Risk driven projects and initiatives, through participation in full lifecycle including oversight, tracking, administrative tasks, research, solution proposal and technical tasks as required to meet project goals, when assigned
  • Support preparation and remediation activities for our group audits, including researching the status of specific controls and determining compliance levels against company policies and procedures. Guide stakeholders in activities to meet security and compliance levels.
  • Assist in designing and developing supporting frameworks and tools for the security, controls and risk group and for compliance and risk projects

Other Duties:

  • Carry out any other tasks given by the Line Manager within the scope of the job to ensure effective delivery and development of the service.

 

Skills and credentials:

  • Good technical knowledge of information security principles, including risk assessment and management, cyber security defences, application security, threat and vulnerability management, encryption, administrative security controls, and identity and access management
  • Knowledge of Directory Services (LDAP, AD) and Internet/Intranet architecture and design
  • Ability to weigh business risks and enforce appropriate information security measures; good documentation and presentation skills
  • Knowledge of project development lifecycle, secure development lifecycle and the ability to assess architecture documents for risks, vulnerabilities & threats
  • Experience in information systems auditing a plus
  • Good written and verbal communication skills
  • SharePoint and advanced Excel a plus
  • Good planning and organizational skills
  • Excellent customer/client service orientation
  • Polished and professional demeanour

Experience Required:

  • Minimum 3 years’ experience in information security
  • A Bachelor’s degree in Computer Science, MIS, business or equivalent experience is required. An advanced degree (e.g. MBA with concentration in information systems) is a plus
  • Information Systems Auditing Certification (e.g. CISA) or Security Certifications (e.g. CISSP) a plus
  • Experience in some form of basic UI development for Access, SharePoint or SQL a plus