IT Risk & Security Compliance Specialist

  • Posted 4 hours ago

Job Description

Management & Governance

  • Manage the implementation of IT risk management frameworks, processes, and control mechanisms.
  • Identify, assess, monitor, and report IT risks across infrastructure, applications, databases, networks, and business processes.
  • Support the development and improvement of IT risk policies, standards, procedures, and control documentation.
  • Ensure IT risk management practices are aligned with regulatory, legal, operational, and business requirements.

Security Metrics & Compliance Monitoring

  • Develop, monitor, and report weekly and monthly IT security metrics to ensure required thresholds and compliance targets are achieved.
  • Track key risk indicators, security performance indicators, and remediation progress.
  • Measure and monitor service quality to ensure IT services comply with defined quality and security standards.
  • Provide practical recommendations when gaps, weaknesses, or non-compliance issues are identified.

Audit, Risk Assurance & Review

  • Lead and support IT risk assurance, compliance review, and internal audit activities.
  • Contribute to the preparation and execution of audit work plans, risk assessments, and audit programs.
  • Coordinate with relevant stakeholders to collect evidence, review controls, and support audit findings resolution.
  • Follow up on remediation actions and ensure identified risks are properly addressed.

Security Policy & Control Implementation

  • Maintain and enforce security policies, standards, and procedures across IT environments.
  • Ensure security controls are properly defined and implemented across server rooms, networks, databases, applications, and business units.
  • Support the implementation of application and infrastructure security control mechanisms.
  • Promote consistent security practices across departments and operational processes.

Qualifications

Work Experience

  • Minimum 3 years of experience in IT risk management, information security, compliance, audit, or related areas.
  • Experience in IT security projects, risk assessments, internal audits, or compliance reviews.
  • Experience working with cross-functional IT, security, audit, and business teams.

Required Skills & Knowledge

  • Good understanding of IT risk areas, including regulatory risk, operational risk, information security risk, technology risk, and industry-specific compliance requirements.
  • Knowledge of common information security and compliance standards such as ISO 27001 and PCI DSS.
  • Understanding of legal, regulatory, and compliance implications related to IT and information security.
  • Good knowledge of application security, infrastructure security, network security, database security, and access control mechanisms.
  • Strong analytical, diagnostic, and problem-solving skills.
  • Ability to identify control weaknesses and propose practical, risk-based solutions.
  • Strong documentation, reporting, and audit support skills.
  • Excellent communication, influencing, and stakeholder management skills.
  • Ability to work effectively with internal and external stakeholders across different cultural and communication contexts.

Preferred Skills

  • Experience with IT GRC, risk registers, security dashboards, audit evidence management, or compliance reporting.
  • Familiarity with internal audit processes, IT general controls, access management, vulnerability management, or incident management.
  • Experience in regulated industries such as banking, financial services, insurance, or payment services is a plus.

Job ID: 148362749