Senior IT Security Analyst

Enablon is the world’s leading provider of Sustainability, EHS (Environment, Health and Security) and Operational Risk Management Software. Enablon’s mission is to help create a better world by making organizations responsible, productive and safe through innovative technology. It offers the industry's most comprehensive enterprise EHS software platform with technology, content and services that help large & complex organizations manage risks, ensure compliance and continually improve operational excellence.

We believe that with the right people, processes, and technology you can create a path to excellence and turn the ordinary into the extraordinary.

Please visit our website:
“Risk management refers to a coordinated set of activities and methods that is used to direct an organization and to control the many risks that can affect its ability to achieve objectives.

The term risk management also refers to the programme that is used to manage risk. This programme includes risk management principles, a risk management framework, and a risk management process.”

(ISO translated into plain English)

IT risk management activities are coordinated through this role. The Information Risk Manager is responsible to maintain the IT Risk Framework, including risk identification, assessment, evaluation, response, and monitoring. This role is responsible to evaluate overall information technology risk, maintain an active view, and report on the actual, mitigated and residual risk in the technology organization.

Essential Duties and Responsibilities:
1. Risk Identification, Assessment and Evaluation

Identify, assess and evaluate risk to enable the execution of the enterprise IT risk management strategy.- Collect information and review documentation to ensure that risk scenarios are identified and evaluated.- Identify legal, regulatory and contractual requirements and organizational policies and standards related to information systems to determine their potential impact on the business objectives.- Identify potential threats and vulnerabilities for business processes, associated data and supporting capabilities to assist in the evaluation of enterprise IT risk.- Create and maintain a risk register to ensure that all identified risk factors are accounted for.- Assemble risk scenarios to estimate the likelihood and impact of significant events to the organization.- Analyze risk scenarios to determine their impact on business objectives.- Develop a risk awareness program and conduct training to ensure that stakeholders understand risk and contribute to the risk management process and to promote a risk-aware culture.- Correlate identified risk scenarios to relevant business processes to assist in identifying risk ownership.- Validate risk appetite and tolerance with senior leadership and key stakeholders to ensure alignment

2. Risk Response

Develop and implement risk responses to ensure that risk factors and events are addressed in a cost-effective manner and in line with business objectives.- Identify and evaluate risk response options and provide management with information to enable risk response decisions.- Review risk responses with the relevant stakeholders for validation of efficiency, effectiveness and economy.-
- Assist in the development of risk response action plans to address risk factors identified in the organizational risk profile.

3. Risk Monitoring

Monitor risk and communicate information to the relevant stakeholders to ensure the continued effectiveness of the enterprise’s IT risk management strategy.- Collect and validate data that measure key risk indicators (KRIs) to monitor and communicate their status to relevant stakeholders.- Monitor and communicate key risk indicators (KRIs) and management activities to assist relevant stakeholders in their decision-making process.- Facilitate independent risk assessments and risk management process reviews to ensure they are performed efficiently and effectively.- Identify and report on risk, including compliance, to initiate corrective action and meet business and regulatory requirements.

4. Projects and Initiatives related to IT- Participate in IT projects and initiatives to bring pro-active risk management focus into solutions.

Other duties : In collaboration with other Standards Office team members, Information Security, and other support functions, contribute to information systems control design and implementation.

Knowledge / Skills / Abilities / Education- Adhering to principles & values- Writing & reporting-
- Analyzing- Planning & organizing- Delivering results & meeting customer expectations- Achieving personal work goals and objectives- Must be able to summarize and communicate technical data to a non-technical audience.- Familiarity with Microsoft Office products including Word, Excel, VISIO and PowerPoint is preferred- Risk management tools- Enablon products and services offer- Software development, Agile Software Development Life