IT Analyst Governance and Risk

Job Description

We are seeking a IT Analyst to join our IT Governance and Risk team. In this role, you will play a critical part in aligning our IT security controls, risk assessments, and compliance processes with industry standards. You will focus on identifying IT risks and addressing gaps in our control environment. By remediating deficiencies and strengthening internal controls, you will help ensure the organization’s IT environment remains secure and compliant with policies and other regulatory requirements, managing risks to acceptable levels.

Responsibilities:

• Develop and maintain internal control testing procedures and documentation to evaluate control performance and ensure compliance.

• Update internal IT control matrices in response to changes in the IT environment or regulatory requirements.

• Assess IT risks across systems, applications, and processes, identifying vulnerabilities and recommending mitigation strategies.

• Conduct internal assessments of IT systems, applications, platforms, and operational processes to ensure compliance with internal and external standards

• Identify control deficiencies, discuss findings with line management, and initiate control matter recommendations in assigned test areas.

• Define and manage a control monitoring program to continuously assess and measure the application of controls across the IT environment.

• Collaborate with control owners to create risk remediation plans and ensure the effective implementation of changes.

• Coordinate external audit activities with internal resources to ensure timely and successful completion of audits.

• Lead IT control education, awareness, and training programs for end users.

• Identify opportunities to automate testing or create continuous monitoring processes.

Requirements:

• 3+ years of hands-on experience in security controls assessment, IT risk management, and compliance management.

• Experience in coordinating external audit activities by acting as a liaison between external auditors and internal control owners to ensure timely communication and resolution of audit requests.

• Familiarity with security frameworks, such as NIST CSF and ISO27001.

• Highly collaborative with the ability to articulate ideas and influence peers and senior leadership.

• Strong working knowledge and understanding of key concepts in risk management, cybersecurity, compliance, and/or audit

• Proven ability to assess IT risks, design and test IT controls, and ensure regulatory compliance

• Strong written, oral communication, and presentation skills.

• Capable of working independently and taking ownership of projects.

• Strong analytical and critical thinking skills with experience in making data-driven decisions.

• High level of professionalism, integrity, and ethics.

• Bachelor’s degree in Information Technology, Cybersecurity, or a related field (or equivalent experience).

• Certifications (Preferred but not required):

  Certifications such as CISSP, CISA, or CRISC are preferred but not required, as they demonstrate expertise in managing security risks, controls, and compliance in a complex IT environment.

What do we offer?

• Contract of employment

• Annual bonus

• Private medical care

• Possibility for author's tax deduction

• Cafeteria Platform/Multisport

• English lessons subsidized by the company

• Group insurance

• Attractive discounts for products and services at our stations

• Employee stock purchase plan

• ICAS

• Modern and convenient office that you can virtually visit here - https://goo.gl/maps/CLteHfYcdYMbdESq6

• Trainings & possibility to develop skills in a wide international environment

When working with us you can depend upon it that you will not be judged on the grounds of race, national origin, gender, sexual orientation, disability, age, or other legally protected status. Oppositely – we believe that our diverse and inclusive culture helps us create an amazing atmosphere where everybody feels welcome.

Check who we are here: https://youtu.be/td-QGnNnvW0

Want to know even more about us? Take a look at our career page: https://workwithus.circlek.com/global/en/businesscentrewarsaw

Interested?
We encourage you to apply.

We know great companies are built from within, by great people like you. Come grow with us!
We´re looking forward to your application

We hereby inform that in the company Circle K Business Centre Poland sp. z o.o. with registered office in Warsaw an Internal Notification and Follow-up actions applies. The Procedure describes the rules for reporting by whistleblowers violations of law. Full content of the abovementioned Procedure is available here: https://www.circlek.pl/o-nas/procedury-zgloszen