Pretoria: IT Risk Analyst (CH1189) posted by Capital H Staffing and Advisory Solutions

Our client, in the financial services industry, is looking for an IT Risk Analyst to join their IT Services team in their Pretoria office.

The IT Risk Analyst works closely with Head of Information Technology system and management team and is responsible for identifying, assessing, and monitoring technology-related risks within the organization. This role also assists ensures that IT systems, processes, and controls comply with regulatory requirements and internal policies, while supporting risk mitigation strategies to safeguard information assets.

Reports To: Head of IT Services

Qualifications and Experience

Qualifications

• Bachelors degree in information technology, Computer Science, or related field.
• Preferred Certifications
  • CRISC (Certified in Risk and Information Systems Control)
  • CISA (Certified Information Systems Auditor)
• 3+ years of experience in IT risk management, Cyber security, IT audit, or IT governance.
• Knowledge of risk frameworks (NIST, COBIT, etc.) and regulatory compliance.

Skills & Experience

• Hosting and infrastructure: Knowledge and experience in IT infrastructure, networking protocols, cloud service models, core fundamentals and virtualisation
• Cybersecurity Fundamentals: Knowledge and experience in security principles, risk management, and compliance standards.
• Data Integrity & Backup: Knowledge and experience of assessing data risks and mechanisms for preventing corruption and ensuring successful data backup and recovery.
• Systems development: Knowledge and experience of Agile frameworks (Scrum, Kanban) and DevOps practices and tools.
• Regulatory and Risk frameworks: Knowledge of risk frameworks (NIST, COBIT, etc.) and regulatory environment

Key Responsibilities

• Risk Identification & Assessment:
  • Conduct regular IT risk assessments across systems, applications, and infrastructure.
  • Identify potential threats, vulnerabilities, and control gaps.
• Risk Monitoring & Reporting:
  • Maintain and update the IT risk register.
  • Prepare risk reports and dashboards for IT management and governance committees.
• Control Evaluation:
  • Conduct regular IT control reviews and monitors to ensure effectiveness and compliance.
  • Recommend improvements to strengthen internal controls.
• Compliance & Governance:
  • Ensure adherence to regulatory frameworks (e.g., POPIA, GDPR, NIST).
  • Support internal and external audits by providing risk-related documentation.
• Security Incident & Issue Management:
  • Assist in investigating IT security incidents and control failures.
  • Track remediation plans and verify closure of risk issues.
• Policy & Framework Development:
  • Compile, review and update IT risk management policies, standards, frameworks and procedures.
• Disaster recovery and back-up plans
  • Drafting and ensuring disaster recovery plans are comprehensive and up-to-date
  • Involved in the coordinating and execution of disaster recovery (DR) testing activities.

Competency

• Strong analytical and problem-solving skills.
• Strong policy development and documentation skills
• Attention to detail and sustained engagement.
• Good communication and reporting abilities.
• Ability to work collaboratively with IT and business stakeholders.

General

• We are committed to fair and inclusive hiring. All suitably qualified applicants are welcome to apply.
• Preference may be given in line with our clients Employment Equity plan and applicable legislation.
• Applicants must have the legal right to work in South Africa at the time of application.
• Only shortlisted candidates will be contacted. If you do not hear from us within 30 days, please consider your application unsuccessful.
• Please include your current remuneration (CTC), salary expectation, and notice period (optional but helpful for screening).
• By applying, you consent to the processing of your personal information for recruitment purposes in accordance with POPIA.