IT Risk Manager | Centurion
Responsibilities:
- Take overall accountability for the IT risk management function in the company, ensuring that the objectives of IT risk management meet the business' strategic objectives.
- Develop, establish, and implement policies and frameworks for IT risk management, including the consideration of the necessary risk appetite statements and key risk indicators.
- Perform and monitor IT risk assessments, which comprise identifying, assessing, measuring, prioritizing and reporting risks that may impact the business.
- Work closely with business and IT risk owners to co-create plans and solutions and ensure proactive risk management is embedded in the business / risk owners’ processes.
- Develop remedial plans with IT risk owners to manage IT risks to desired levels on an ongoing basis.
- Provide assurance on material IT risk exposures to the company CRO and Executive Committee.
- Drive the embedding of the applicable information technology regulatory and compliance standards.
- Challenge the IT risk profile through risk assessments and control adequacy reviews.
- Report on IT risk exposures, the IT risk profile and associated mitigating plans to the relevant governance structures at a company level.
- Submit the necessary quarterly IT risk assessments to Group IT.
- Attend the company's Risk Forum, the company IT Risk Committee and any other quarterly governance meetings deemed appropriate.
- Liaise with internal and external audit, managing all IT-related audits, including the tracking of IT-related audit findings.
- Ensure that regular (at least quarterly) Logical User Access Management assessment is completed.
- Ensure quarterly SANS Top 20 is submitted to the company’s IT Security.
- IT subject matter expert as part of the third-party risk assessment and onboarding process within the company.
- Support the Business Continuity Champion during the annual disaster recovery testing process, where deemed appropriate.
Skills:
- Written and verbal communication skills.
- Presentation skills.
- Influential and assertive, displaying self-confidence.
- Negotiation skills.
- Relationship management.
- Analytical skills and attentive to detail.
- Planning and organising skills.
- Upholding standards.
Requirements:
- In-depth knowledge of information technology issues, techniques and implications across a wide variety of existing information technology platforms.
- In-depth understanding of risk management practices.
- Knowledge of the relevant regulatory, legislative, governance, risk and compliance landscapes would be beneficial to the role.
- Understanding of Enterprise Risk Management (ERM) and Own Risk and Solvency Assessment (ORSA) practices and philosophies would also be beneficial to the role.
- A relevant degree in Computer Science, Information Technology, Risk Management or equivalent at NQF level 8.
- At least 4 years in an IT or information security risk management role.