Title: ICT Risk Analyst
Type: Permanent
Location: Cork (onsite 3 days a week)
Role Purpose
The ICT Risk Analyst is responsible for identifying, assessing, monitoring, and reporting technology-related risks across the organisation. The role supports effective risk management, regulatory compliance, and the resilience of ICT systems by ensuring risks are understood, mitigated, and aligned with the organisation's risk appetite.
Key Responsibilities
ICT Risk Management
* Identify and assess ICT risks across infrastructure, applications, data, third-party services, and cyber security
* Maintain and update the ICT risk register in line with organisational frameworks
* Perform risk assessments for new systems, projects, and changes (e.g. cloud adoption, system upgrades)
* Monitor key risk indicators (KRIs) and emerging technology risks
Governance, Compliance & Assurance
* Support compliance with relevant standards and regulations (e.g. ISO 27001, NIST, COBIT, ITIL, GDPR, SOC2)
* Assist with internal and external audits, including evidence collection and remediation tracking
* Review and assess the adequacy of ICT controls and control effectiveness
* Support policy development and regular reviews (e.g. information security, access management, incident response)
Incident & Resilience Support
* Support ICT incident and cyber incident analysis from a risk perspective
* Assist with business continuity and disaster recovery risk assessments and testing
* Track and report on control weaknesses and remediation progress
Reporting & Stakeholder Engagement
* Prepare clear risk reports and dashboards for senior management and risk committees
* Communicate ICT risk issues to both technical and non-technical stakeholders
* Work closely with ICT, cyber security, compliance, and business teams
Key Skills & Competencies
Technical & Risk Skills
* Strong understanding of ICT environments (networks, systems, cloud, applications, data)
* Knowledge of ICT risk management and control frameworks
* Familiarity with cyber security principles and threats
* Experience with risk assessment methodologies
Analytical & Communication Skills
* Strong analytical and problem-solving abilities
* Ability to translate technical risks into business impact
* High attention to detail with strong documentation skills
* Confident written and verbal communication
Qualifications & Experience
Essential
* Degree in Information Technology, Computer Science, Risk Management, or a related field (or equivalent experience)
* Experience in ICT risk, technology risk, cyber risk, IT audit, or information security
* Knowledge of risk and control frameworks (e.g. ISO, NIST, COBIT)
Desirable
* Professional certifications such as CRISC, CISM, CISSP, ISO 27001 Lead Implementer/Auditor, or similar
* Experience working in a regulated environment
* Exposure to third-party or vendor risk management