IT Assurance Analyst: Ref. ΙΤΑΑ22
Do you have a passion for Information Systems and effective IT processes to support the business?
We are looking for an IT Assurance Analyst to join our team. You will have the opportunity to use your skills and experience to work on a variety of exciting projects and tasks, and support the Bank in its Digital journey.
You will work closely with Control Functions and all departments within the Technology Division, and act as the subject matter expert for your area of responsibility.
- Supports continuous enhancement of the IT controls environment, security compliance and risk management program for the company across all IT domains and technology environments and sites.
- Designs, oversees implementation, and monitors the implementation of IT controls and makes recommendations that can bolster the IT control posture. Plans, monitors and coordinates control testing per Functional Area to ensure controls effectiveness. Where necessary, works with the respective technology owners to drive implementation of appropriate remediation plans, track status, aggregate results and report to IT Management.
- Interacts with the required control functions (e.g. Information Security, Risk, Audit, Compliance) to discuss and agree required controls and actions, to provide updates and generate reports.
- Follows compliance obligations emanating from regulations and Bank policies, assess the impact on the Division’s processes, procedures and operations and ensure that mitigation actions are implemented for compliance with relevant policies, laws and regulations.
- Performs internal thematic reviews to identify potential deficiencies, non-compliances to policies and processes, areas of improvement. Documents such identified cases, agrees improvement actions with stakeholders, and oversees implementation.
- Analyses data and trends to identify areas with recurring or large number of incidents and oversee the implementation of corrective actions. Perform problem investigations to assess the root cause of incidents, identify remediation actions/workarounds, and define new and/or enhance existing controls to minimize the associated risk and impact.
- Supports KRIs/KPIs management to ensure that proper identification, definition and monitoring is in place. Assess identified breaches through root cause analysis and ensure reflection in the Risk Profile of the respective area. Ensures definition, monitoring and management of respective mitigation actions from breached KPIs. Escalate long term deviations.
- Bachelor’s or Master’s Degree in Computer Science, Management Information Systems, Information Security or other related subject
- CISA/CISM or equivalent professional accreditation.
- Working experience in information security, information systems audit or risk management role.
- Knowledge of risk management, auditing, IT and security standards and frameworks (ISO, ITIL, COBIT, COSO, NIST, SANS amongst others).
- Ability to understand the business vision and goals and translate these to IT capabilities and high-level requirements including defined service level agreements.
- Ability to identify and prioritize control gaps in terms of likelihood and impact.
- Clear understanding of IT methodologies.
- Excellent written and verbal communication in both Greek and English
- Effective communication and interaction skills.
- Analytical and problem-solving skills.
- Experience working in a team-oriented, collaborative environment.
All applications will be received through the “e-Recruitment” system, by following the steps below:
- Profile submission:
- Electronic submission of personal /academic/ professional and other data
- “Release” of the profile
- Application for specific vacancies, through “Employment Opportunities” section:
- Job Search
- Select Job
- Send Application (top, right hand side)
- Send Application
- Candidates who are interested in the specific position and have expressed their interest for employment in Bank of Cyprus in the past through the e-Recruitment system, are required to submit a new application (provided that they meet the criteria set).
- Only shortlisted candidates will be contacted.
- All applications will be treated with strict confidence