Share this Job
Technology Risk Assurance Specialist job at EY | Apply Now
Are you looking for Information Technology Jobs in Uganda 2024? If yes, then you might be interested in Technology Risk Assurance Specialist job at EY
Kampala, Uganda
Full-time
About the Organisation
In 2019, we formalized our long-term value approach in the EY NextWave strategy and as a result, we’ve achieved 9.5% compound annual growth (FY 2019–2023) and reached nearly US$50 billion in revenue in FY23, a 14.2% increase in local currency. Long-term value creation is now part of our DNA, and I am proud of the progress it has enabled for EY, highlighted in this EY Value Realized 2023 report.
Job Title
Technology Risk Assurance Specialist job at EY
Job Description
By performing these duties, a Technology Risk Assurance Specialist helps safeguard an organization's technology assets, ensuring they are resilient against various risks and aligned with regulatory requirements. This role is critical in maintaining the trust and integrity of an organization's IT systems and data.
Duties and Responsibilities
Risk Assessment:
Conduct thorough assessments of technology risks across various systems and processes.
Identify potential vulnerabilities and threats to IT infrastructure and data.
Risk Management:
Develop and implement risk management strategies and plans.
Monitor and track identified risks, ensuring that mitigation measures are effective.
Compliance:
Ensure IT systems comply with relevant regulations, standards, and policies (e.g., GDPR, HIPAA, ISO 27001).
Stay updated on changes in technology regulations and standards to ensure ongoing compliance.
Audit Support:
Support internal and external IT audits by providing necessary documentation and explanations.
Implement audit recommendations and track their progress.
Policy Development:
Develop and enforce IT risk management policies and procedures.
Ensure policies are communicated effectively to all relevant stakeholders.
Security Controls:
Design and implement security controls to protect IT systems and data.
Regularly test and evaluate the effectiveness of these controls.
Incident Management:
Respond to security incidents and breaches, conducting root cause analysis and implementing corrective actions.
Develop and maintain an incident response plan.
Training and Awareness:
Conduct training sessions and workshops to raise awareness of IT risks and promote best practices among employees.
Develop educational materials and resources to support risk awareness initiatives.
Risk Reporting:
Prepare detailed reports on technology risks, highlighting key findings, trends, and recommendations.
Present risk assessments and reports to senior management and stakeholders.
Vendor Risk Management:
Assess and manage risks associated with third-party vendors and service providers.
Ensure vendors comply with the organization's security and risk management standards.
Continuous Improvement:
Continuously monitor and review IT risk management practices to identify areas for improvement.
Stay informed about emerging technology risks and industry best practices.
Collaboration:
Work closely with IT, security, and business teams to integrate risk management practices into all technology projects and operations.
Foster a culture of risk awareness and proactive risk management throughout the organization.
Business Continuity Planning:
Contribute to the development and maintenance of business continuity and disaster recovery plans.
Ensure IT systems and processes are resilient and can recover quickly from disruptions.
Technical Assessments:
Conduct technical assessments such as penetration testing, vulnerability assessments, and security audits.
Analyze assessment results and provide actionable recommendations for improvement.
Data Privacy:
Ensure that data privacy measures are in place and comply with relevant regulations.
Conduct regular privacy impact assessments and implement data protection measures.
Qualifications and Competencies
Bachelor's degree in IT, Computer Science, Engineering, Telecommunications Full or part certifications: CISA, CISSP, CISM, ISO27001. Experience:
At least 3 years of experience in a similar or related role with specific experience in testing it general and application controls for financial reporting systems.
Competences and experience required:
Hands-on experience in IT Risk Assurance eg, SOX/ICFR/IFC/ SSAE, IT Financial Audit and Business Automated Controls or any other regulatory/compliance audits in a similar role.
Knowledge of IT Security aspects in areas like Cloud Computing, Cyber Risks, Network Security, database management systems, SDLC, IT general controls (ITGC) COBIT, COSO 2013.
How to Apply
APPLICATION FOR THIS POSITION MUST BE DONE ONLINE:
Are you interested? Click the "APPLY" button below to submit your application.