Information Technology Risk Manager

Job Description

The IT Risk Manager role supports the organisation's IT & Ops Risk Management Programme by serving as a best practice and quality contributor. The individual acts as the first line of defence, providing RCG risk assessments and other risk management activities, including risk identification, profiling, assessment, response, evaluation, and advising on issues and remediations to support the overall IT & Ops organisation. This position ensures activities align with the Risk and Controls Governance framework.

Strategy and Transformation:

• Align with Group RCG target state program based on the planned roadmap, including governance, risk management methodologies, technology enablement and automation, metrics, and reporting.
• Collaborate with the three lines of defence and other risk functions to support, enable, and align the Risk and Controls Governance strategy within the broader risk management framework.
• Engage stakeholders across all levels of the business to ensure effective communication, input, and buy-in.
• Develop education, training, and awareness campaigns related to IT & Operations risks, including critical communications to promote understanding and adoption.

Operational Activities:

• Conduct risk profiling and inherent risk assessments.
• Perform risk assessments for processes, applications, and infrastructure.
• Carry out risk and scenario analyses for IT & Operations risks.
• Develop risk metrics and reporting mechanisms.
• Create materials for leadership review of issues identified through risk activities.
• Assist the business in establishing governance channels and monitoring the execution of risk response plans.
• Serve as the point of contact for stakeholder questions, managing escalations and communications.
• Provide guidance and risk advisory support to key initiatives.
• Prepare and present regular updates to executives on the health of functional areas, facilitating management discussions and decision-making.
• Develop and deliver training materials suited to the audience.
• Update management on task progress and escalate issues as needed.
• Perform additional duties as directed by the Performance & Governance Director or CIO & Head of Transformation.

Person requirements:

• Proven experience (5+ years preferred) in IT & Operations Governance and risk functions, focusing on risk identification, assessment, and mitigation.
• Relevant certifications such as CISSP, CISM, CISA, CIA, CRISC, CGEIT, ISO, etc., are desirable.
• Ability to develop and maintain risk registers, control libraries, and compliance documentation.
• Strong analytical skills for assessing complex risks and recommending mitigation strategies.
• Experience collaborating with cross-functional teams across Operations, IT, security, compliance, and business units.
• Excellent interpersonal and communication skills for stakeholder engagement at all levels.
• Experience with technology processes, risk, and control frameworks.
• Ability to present effectively to large audiences.