Technology Risk Management | IT Audit Analyst (CISSP or CISA Preferred)

Responsibilities: Operational Support & Reporting ·        Prepare project status reports, management reports, and dashboards for all scope areas (projects, operations, risk, vendor management). ·        Deliver ad hoc reports for urgent leadership decisions and audits, ensuring clarity, accuracy, and actionable insights. ·        Track operational metrics (e.g., SLAs, incident/defect rates, lifecycle KPIs) and provide insights for decision-making. ·        Maintain reporting cadences and data quality standards; automate recurring reports where feasible. ·        Support process standardization and governance across technology operations, including documentation, templates, and SOPs. Audit & Risk Management • Manage internal and external audits and reviews, including GRC updates, RFIs, and audit observations. • Provide risk oversight and governance for technology domains. • Lead audit readiness activities: evidence management, engagement coordination, remediation tracking, and closure. • Monitor risks and track resolution of issues from breaches, incidents, reviews, and inspections; ensure timely updates and escalations. • Maintain knowledge artifacts: playbooks, control catalogs, FAQs, and micro-learning content. •   Digital Workplace & Vendor Management • Oversee TPRA, vendor management, BCM, annual KRCSA, and risk reduction initiatives. • Manage technology asset lifecycle (hardware, software, licenses): refresh planning, obsolescence tracking, and decommissioning. • Coordinate procurement operations and vendor/contract enablement: intake, sourcing, onboarding, renewals, and compliance. • Partner with Vendor Management to track performance, SLAs, and contract obligations; support third-party risk assessments. Technology Governance & Vulnerability Management • Oversee vulnerability management, remediation, and ISRA renewals. • Liaise with application domains on ORSA submissions, including obsolescence scope, budgeting, and delivery timelines. • Act as liaison for Tech Obsolescence task force and provide reporting. • Manage RTB Capex projects: budget tracking/approval, memo approvals, and escalation handling. Key Deliverables • Management reports and dashboards for leadership and governance (including ad hoc requests). • Operational reporting with actionable insights. • Governance dashboards and risk reduction plans. • Compliance evidence (audit reports, remediation tracking, certification renewals). • Security assessment reports and vulnerability test results. • Lifecycle and obsolescence compliance validation. • Procurement documentation and vendor performance tracking. Requirements: Core Skills & Competencies ·        Operational Reporting: KPI design, data quality, dashboarding, storytelling with data. ·        Risk & Controls: Control design/effectiveness, risk assessments, issue management. ·        Audit Readiness: Evidence management, walkthroughs, remediation tracking, stakeholder coordination. ·        Process Governance: SOP creation, standardization, continuous improvement. ·        Vendor & Asset Management: Lifecycle planning, procurement coordination, third-party risk awareness. ·        Stakeholder Management: Cross-functional orchestration, facilitation, conflict resolution. ·        Tools: Power BI, Excel (advanced), Jira, SharePoint/Confluence. Education: ·        Bachelor’s degree in a relevant discipline (CS, IT, Info Systems, Cybersecurity, Engineering) ·        Preferred: Enhanced Credentials: Industry-recognized certifications such as CISA, CISM, CISSP, etc) ·        At least 8-12 years’ relevant experience preferably in a Finance Institution. Essential: Experience 8–12 years in technology operations, risk/governance, or PMO support roles within banking or large enterprise environments. 1. Operational Reporting & Data Analysis ·        3–5 years’ experience in preparing management reports, dashboards, and KPIs. ·        Strong ability to interpret complex operational data and present it in a clear, concise, and actionable format. ·        Experience with ad hoc reporting under tight timelines for senior leadership. 2. Risk & Audit Management ·        Hands-on experience in audit readiness, evidence management, and remediation tracking. ·        Familiarity with risk frameworks, issue management, and compliance processes. ·        Exposure to GRC tools and regulatory requirements in technology or banking environments. ·        CISSP or CISA certification preferred 3. Vendor & Procurement Management ·        Preferably with experience in vendor lifecycle management, including onboarding, renewals, and performance tracking. ·        Knowledge of procurement processes, contract compliance, and third-party risk assessments. 4. Technology Lifecycle & Governance ·        Understanding of technology asset lifecycle (hardware, software, licenses), refresh planning, and obsolescence tracking. ·        Experience supporting vulnerability management and compliance validation. 5. Tools & Technical Skills ·        Proficiency in Power BI, advanced Excel (pivot tables, macros), Jira, and SharePoint/Confluence. ·        Ability to automate recurring reports and maintain data quality standards. 6. Stakeholder Management ·        Experience working in cross-functional teams and managing multiple priorities. ·        Strong communication skills for presenting data to senior leadership. Key Domain/ Technical Skills: ·        Proficiency in Power BI, advanced Excel (pivot tables, macros), Jira, and SharePoint/Confluence. • Ability to automate recurring reports and maintain data quality standards ·        CISSP or CISA certification preferred