IT Security Governance and Risk Management Analyst

gradmalaysia.com

Kuala Lumpur

On-site

MYR 80,000 - 110,000

Full time

Yesterday

Job summary

A leading cybersecurity firm based in Kuala Lumpur is seeking an IT Security Governance and Risk Management Analyst to support cybersecurity governance and compliance efforts. You will provide advisory services, assess security risks, and contribute to IT security governance frameworks. The ideal candidate has a degree in IT or Cybersecurity and significant experience in security risk management. Professional certifications such as CISM or CISSP are highly desirable.

Qualifications

  • 4 – 7 years of experience in IT security, risk management, or cybersecurity advisory roles.
  • Strong understanding of information security principles and risk assessment methodologies.
  • Experience with regulatory frameworks (e.g., ISO 27001, NIST, CIS).

Responsibilities

  • Provide IT security advisory for business initiatives and systems implementations.
  • Review and assess IT change requests and vendor solutions.
  • Support execution of cybersecurity simulation exercises.
  • Monitor the implementation of risk mitigation plans.

Skills

Analytical thinking
Stakeholder engagement
Communication

Education

Bachelor's Degree in Computer Science/Information Technology/Cybersecurity

Job description

IT Security Governance and Risk Management Analyst

Job Summary

  • This position will be reporting to the Head of Security Governance & Risk Management Section and will function under the Advisory & Governance Unit.
  • Support and strengthen cybersecurity governance through comprehensive risk assessments, in-depth advisory services, and proactive engagement with key stakeholders to ensure compliance with internal policies and regulatory standards.

Job Responsibilities

  • Provide IT security advisory for business initiatives, systems implementations, and operational processes to ensure alignment with security policies and risk appetite.
  • Review and assess IT change requests, vendor solutions, technology initiatives and third-party controls for security risks and recommend mitigation strategies.
  • Support the execution and analysis of cybersecurity simulation exercises (e.g., phishing, smishing) to test and enhance organizational readiness.
  • Monitor the implementation of risk mitigation plans and follow up with relevant departments to ensure timely closure of issues.
  • Participate in governance forums on matters relating to IT risk and security governance.
  • Prepare reports, presentations, and dashboards on cybersecurity risk posture, incidents, and remediation progress for internal stakeholders and management.
  • Contribute to the development and refinement of IT security governance frameworks, policies, and procedures.
  • Ensure security assessment exercises are conducted and remediated in a timely manner.

Job Requirements

  • Possess a Bachelor's Degree in Computer Science/Information Technology, Cybersecurity or equivalent qualification from accredited higher learning institutions.
  • Minimum 4 – 7 years of experience in IT security, risk management, or cybersecurity advisory roles.
  • Strong understanding of information security principles, risk assessment methodologies, and regulatory frameworks (e.g., ISO 27001, NIST, CIS).
  • Excellent analytical thinking, communication, and stakeholder engagement skills.
  • Experience coordinating with cross-functional teams on security governance and compliance efforts.
  • Professional certifications such as CISM, CISSP, CRISC, or equivalent are highly desirable.