CS IT Risk and Control Analyst in Constanţa

Job Description

As an IT Risk and Control Analyst for Customer Service Department, you will be part of Compliance, Risk and Control team as a first line of defence role,  responsible for supporting process and product owners throughout the business to document, maintain & monitor internal controls in line with our risk appetite, and to maintain the accuracy and quality of their Risk & Control Matrices.

 

Responsibilities and skills required for the IT Risk  & Control Analyst role are tightly linked to the Capability Area they work for, in IT Compliance & Control Assurance focus on ensuring our IT control environment is monitored and controls are operating as expected.

The IT Risk & Control analyst role requires solid stakeholder management skills, and to be comfortable with challenging risk owners to come up with robust, scalable solutions which mitigate key risks while enabling successful business operations.

B. Responsible

• Support process and control owners to understand risks within SOX, PCI or GDPR, business continuity etc. and assist them in determining optimal controls to mitigate risks.
• Conduct design and operational testing of internal controls within agreed timescales
• Coordinate with process owners regarding control documentation, testing, evaluation, and necessary remediation.
• Identify control weaknesses and support the Risk & Controls team to influence process owners to implement agreed changes in a timely and effective manner.
• Support team to identify ways to increase their business impact and improve the team’s product(s) and ways of working
• Support and coordinate audit activities and help to close any controls deficiencies identified
• Enable continuous improvement, maintaining our Booking.com controls framework, by providing general and technical guidance on how to maintain relevant controls
• Monitor control performance of IT controls (ITGC as well as ITAC) across the business for timely and effective execution

B. Skilled

• 3+ years of experience gained within compliance, internal controls or audit
• Strong working knowledge of IT risk management and governance, SOx regulation, control frameworks (e.g. ITGC, COSO, NIST) and familiarity/working experience of SOX IT
• Business or IT degree / certificates (CISA, CISM, CISSP, CRISC)
• Hands on experience with large e-commerce or tech companies preferable
• Familiar with ServiceNow, Google Suite, Jira tools (or similar)
• Experience with CRM tooling would be a plus
• Enthusiastic, self-starting and enjoys change and a dynamic environment
• Able to self-motivate, organise and take responsibility for own workload to ensure that deadlines and objectives are met
• Able to multitask and prioritize work effectively
• Knowledge of DevOps tools such as Puppet, Git, Docker or Kubernetes is a plus
• Fully comfortable working in English, both written and spoken