Analyst -ITGC

Analyst Enterprise Risk Management (First Line of Defense) – ITGC Testing

Role Overview

We are looking for a motivated professional to join the Enterprise Risk Management (ERM) First Line of Defense team in the role of ITGC Testing Analyst. This role will be responsible for testing and assessing IT General Controls (ITGCs) across critical domains such as IT Governance, Network Configuration, Data Management, Data Governance, and Vulnerability & Patch Management. The role ensures that IT systems, processes, and controls are compliant, secure, and resilient.

Key Responsibilities

• Perform control testing of IT General Controls (ITGCs) in areas including:

• IT Governance & Risk Management

• Network Configuration Management
• Data Management & Data Governance
• Vulnerability & Patch Management

• Server/Platform Configuration

• Conduct Test of Design (ToD) and Test of Effectiveness (ToE) for IT controls in alignment with industry standards (e.g., COBIT, NIST, ISO).

• Support RCSA upliftment in IT domains by reviewing risks and ensuring controls are effectively mapped and tested.
• Identify control gaps and work with IT/business stakeholders to define remediation plans.
• Maintain documentation of testing procedures, evidence, and outcomes for audit/regulatory readiness.
• Prepare periodic risk/control testing reports and dashboards for management review.
• Contribute to automation initiatives for IT control testing, where feasible.

Qualifications & Skills

• Bachelor's degree in Computer Science, Information Systems, or related discipline.
• 2–5 years of experience in IT Risk, IT Audit, or ITGC Testing.
• Strong understanding of IT Governance, Security, and Risk Management concepts.
• Hands-on exposure to network configuration, vulnerability management, and patch management processes.
• Familiarity with frameworks like NIST, COBIT, ISO 27001, SOX, and SOC1/2 preferred.
• Strong analytical skills and ability to assess risks in IT infrastructure.
• Effective communication and stakeholder management skills with both technical and non-technical teams.