IT Risk and Control Audit Specialist

About the role

The IT Risk and Control Audit Specialist will manage the end‑to‑end risk cycle for IT processes, ensuring that inherent risks are identified, assessed, and monitored through effective controls. You will work closely with internal audit, external auditors, and key stakeholders to maintain compliance and support new technology implementations.

Key responsibilities

• Identify, assess, and evaluate inherent IT risks and monitor controls on a defined schedule.
• Conduct process reviews to evaluate operational controls and key risk indicators, recommending improvements.
• Coordinate with Internal Audit for annual IT reviews and manage external audit deliverables.
• Administer access‑review campaigns to ensure compliance with critical company controls.
• Document risk workflows for processes and new projects requiring controls.
• Support creation of the IT Risk and Control Matrix, mapping risks to controls per internal policies.
• Assist in implementing new technologies, ensuring appropriate internal controls are in place.

Required profile

• Bachelor’s degree preferred; relevant experience may be considered.
• Strong knowledge of industry trends and best practices in IT risk and control.
• Willingness to continuously learn and stay updated on new developments.
• Fluent in both Spanish and English.

Required skills

• Scrum certification or experience.
• ISO framework knowledge.
• COBIT framework knowledge.
• ITIL framework knowledge.