Sandvik Group IT AB
Stockholm, Sweden

IT Security Assessor ITGC

Deadline: 2026-02-25
Project-Based

Description

This consultant will be hired to work primarily as a controls-tester as part of the ITGC Program’s requirement. Within the ITGC context, the person will be assigned the role of ‘Independent Control Tester’.

The tester would perform “independent tests” on the controls that are in the framework established within the ITGC Program, which is an integral part of the Group Internal Controls Program.

It refers to tests to check the following key aspects, for selected controls:

  • if they are implemented,
  • if they are effective (they are achieving the expected outcome)
  • if, overall, the ITGC Program guidelines and instructions are being followed.

Examples of Responsibilities as an Independent ITGC tester

  • Liaise with key stakeholders on any testing matters (e.g.: Business Area ITGC Leads, Control Owners, or Process owners, etc.)
  • Select the controls to be tested within the year (including obtaining the approval from Group Internal Controls)
  • Create an annual plan based on the approved selection of controls & systems
  • Execute the annual testing plan
  • Manage testing evidence and related documentation in the appropriate location (e.g.: Workiva, dedicated Teams site, etc.)
  • Periodically report on the status/progress of the annual plan
  • Provide support to identify remediation actions
  • Provide support to consolidate results and create reports

Professional experience and skills:

  • Experience with internal controls, internal and external audits, information security, assurance, etc., is preferable.
  • Ability to talk about information security at a policy level, i.e., not too technical.
  • Good knowledge on working with the perspective of processes and ‘frameworks’, such as ISO framework, NIST’s Cybersecurity framework, etc.
  • Ability to work with deadline-driven processes and activities
  • Ability to communicate well with typical stakeholders, mostly in the IT community in general, from BA CISOs to local IT representatives, etc.
  • Ability to manage large amounts of information: receiving, using and storing them in a structured fashion
  • Curious-minded and open to learn new things
  • Easily adaptable to constant changes
  • Process-oriented
  • Ability to use typical work-use apps: Microsoft Office apps, collaboration tools, project management tools, etc.

Personal profile:

  • Social skills - Comfortable with working intensely with people: it doesn’t look like it, but half of the work is ‘stakeholder management’, providing mostly feedback about improvement points.
  • Ability to handle ‘difficult conversations’
  • Proactive, ensuring deadlines are met, promptly acting with the aim of minimising risks of not achieving a certain deadline
  • Self-driven
  • Comfortable with reaching out to the applicable parties when needed, to trigger/initiate and drive the activities, do follow-ups, etc. (instead of hoping or waiting for others to initiate contact)
  • Good listener
  • Good team player: willing to work and build something together
  • Willing to share knowledge, especially around the topic of internal controls in general
  • Ability to work in a structured, organised fashion
  • Comfortable with working 100% in ‘shared digital spaces’, such as Teams sites, SharePoint sites.
  • Comfortable with asking questions, asking for help when instructions, guidelines are not clear.

Other information

The workload will vary per period, based on the ITGC Independent Control Testing plan (ICT):

  • From March to May: approximately 24 to 32 hours per week
  • June and August: 40 hours per week
  • November to February: approximately 16 to 24 hours per week

Please note that the hours per week may increase if we are able to assign the person to other security assessments planned under the Group Assurance function’s control-assessment plan.

Skills

  • Stakeholder management & communication skills
  • Control testing & audit methodology expertise
  • Internal Controls & Audit Methodology
  • Analytical and critical thinking skills
  • Security
  • Information Security
  • COSO, COBIT, ISO 27001
  • IT General Controls (ITGC)
  • Cybersecurity
  • Documentation & Reporting