Job: IT Risk and Compliance Specialist

Added: 15.09.2021

IT Risk and Compliance Specialist


For one of our Clients, the world's largest producer of glass bottles and jars, we are looking for Candidates interested in the IT Risk and Compliance Specialist position.



The IT Risk and Compliance Specialist is responsible for monitoring the IT controls environment at Client’s Company. This includes documenting, testing, and auditing processes for compliance with established policies and procedures. The IT Risk and Compliance Analyst will also work with technical resources and other team leads to produce technical documentation and recovery plans for critical systems.

The IT Risk and Compliance Specialist will also be involved in the implementation of new security solutions, participation in the creation and/or maintenance of policies, standards, baselines, guidelines and procedures, as well as participating in vulnerability audits or independent assessments.

The IT Risk and Compliance Specialist is expected to be fully aware of Client’s company security goals as established by its stated policies, procedures and guidelines and to actively work towards upholding those goals.




  • Collaborating with other global IT operational support groups, both locally and globally


  • Monitor user access to IT systems by performing the following:
    • Semiannual access reviews
    • Termination validation procedures
    • IT Privilege access reviews
  • Participate in the incident response activities in accordance with established procedures
  • Validate that access to critical functions within key applications is appropriately segregated (Segregation of Duties – SOD)
  • Maintain the global framework of IT Controls
  • Work with system administrators to ensure that plans exist to recover applications and systems in the case of a disaster
  • Work with the IT organization to create documentation of systems, policies, procedures, and standards
  • Support the execution of the IT Risk Management process
  • Establish effective communication processes with the business and regional IT teams to coordinate the global assessment of IT controls
  • Integrally engage in projects, making sure that they comply with the client company’s policies and security requirements
  • Assess effectiveness of global procedures to provide secure third-party access to the client company’s network and applications
  • Assist with independent vulnerability assessment and SOX audit processes
  • Follow documented procedures and retain necessary audit documentation



  • Intermediate knowledge of Microsoft Active Directory and Windows services
  • Intermediate operational knowledge of SAP GRC
  • Understanding of industry’s control frameworks and leading practices
  • Project management
  • Self-starter and strong collaboration skills
  • Ability to express technical concepts effectively, both verbally and in writing
  • Experience in communicating and presenting to a management-level audience
  • Knowledge of industry leading practices, security frameworks, policies and standards
  • Experience evaluating system security requirements
  • Experience with Windows, UNIX and other operating systems
  • Knowledge of system functions, security policies, technical security safeguards, and operational security measures
  • Demonstrated analytical capabilities
  • Ability to determine priorities, make discretionary decisions, and determine when to notify management
  • Ability to express complex technical concepts effectively, both verbally and in writing
  • Ability to work well with people from many different disciplines with varying degrees of technical experience



The IT Risk and Compliance Analyst is primarily responsible for monitoring the global IT environment with systems physically located in various locations around the world, or at 3rd parties. This includes evaluating log information, performing user access reviews, participating in the incident response process, assisting with compliance audits and the IT Risk Management process. The position will need to be able to effectively collaborate with business and IT stakeholders located across all regions.

Failure to effectively monitor the IT controls environment could lead to failure of control mechanisms put in place to protect our company from:

  • Fraud and/or system misuse
  • Increased external audit fees
  • Inaccurate financial reporting
  • System failure or unavailability
  • Loss of data integrity



  • Bachelor’s degree or equivalent years of experience in information technology or related discipline
  • 3 years of experience working with IT general computer control evaluations, remediation, and with external auditors
  • Recognized industry certification for this position may include one or more of the following:
    • GIAC Information Security Professional (GISP)
    • (ISC)² Certified Information Systems Security Professional (CISSP)
    • ISACA Certified Information Security Manager (CISM)
    • ISACA Certified Information Systems Auditor (CISA)
    • ISACA Certified Risk & System Controls (CRISC)
  • ITIL Foundations Certification is desirable
  • 2 years project management experience preferred
  • Solid knowledge of information security principles and practices
  • Solid understanding of SAP GRC Access Control configuration and management
  • Understanding of security protocols and standards
  • Effectively operate with global teams
  • Organized, responsive and highly thorough problem solver
  • Detail oriented
  • Experience in effective communication with customers, employees and management
  • Self-starter with strong collaboration and communication skills
  • Have high integrity and be able to maintain confidentiality of work performed.
  • Must be able to effectively communicate in English – both written and verbal



This position reports to the Team Lead, IT Risk and Compliance


Less than 10% domestic or international travel might be required for this role.




Please include the following clause: "I consent to the processing of my personal data for the purposes of the recruitment process in accordance with the Act of 29 August 1997 on the Protection of Personal Data (consolidated text: Journal of Laws 2016, item 922)."
