Job Description :
Client : KPMG
Position : IT Risk Analyst
Location : Roseland, NJ
Duration : 8+ Months Contract (High possibility of Extension)

Responsibilities:
Identification of control objectives, mapping of existing controls to objectives, testing the controls & reporting of gaps.
Identify control objectives for domain-specific risk scenarios - based on industry standards like NIST, COBIT, ISO ISMS, etc.
Map existing controls at KTech to these control objectives
Identify missing controls and determine the risk and implications
Test the effectiveness of the existing/mapped controls, report gaps if any with appropriate mitigation solutions.
Periodically (weekly/monthly) track metrics for KRIs and input into Archer for monitoring against risk scenarios.
Create and publish monthly/quarterly risk reports (based on pre-defined templates).
Conduct annual operational audits for the identified & implemented controls to ensure continued effectiveness and report gaps

Required Skills:
8+ years of relevant IT work experience with emphasis in risk disciplines e.g. Governance, Risk and Compliance (GRC), Information Security, Third party risk management, disaster recovery, etc.
Knowledge of and ability to apply internal auditing and technology principles and practices.
Experience with IT risk identification and assessment methodologies.
Basic understanding of general system controls (e.g., change management, information security, business continuity planning, system development lifecycle)
Experience in COBIT, ISO, NIST or other established risk management frameworks.
Experience with or certification in use of GRC Tools such as Archer.
Considerable skill in using Microsoft Office Suite products including Word, and Excel.
Ability in collecting and analyzing complex data, evaluating information and systems, and drawing logical conclusions
Detail-oriented – required to successfully perform control tests.
Excellent writing skills; ability to accurately summarize test findings.
Ability to weigh business needs against risk concerns and articulate issues to management.
Ability to take the lead on completing assignments with minimal direction.
Preferably holds one or more of the following or equivalent certifications: CISSP, CISM, CISA, CIA, CRISC, CGEIT, CIAC, ISO (any one of the certifications is fine with the consultant).
Strong interpersonal and relationship management skills.