Analyst, Risk Advisory

Standard Chartered Bank

Kuala Lumpur

On-site

MYR 70,000 - 100,000

Full time

Today

Job summary

A global financial institution seeks a candidate for a risk management role focused on the Technology and Operations division. The role includes coordinating risk activities, overseeing internal and external audits, and ensuring compliance with technology control standards. Key responsibilities are managing risk assessments, tracking audits, and collaborating with various teams to enhance risk outcomes. An ideal candidate will demonstrate expertise in risk management and maintain a strong control environment throughout the audit lifecycle.

Responsibilities

  • Execute Risk and Control Self Assessments (RCSA) for annual cycles and ad-hoc triggers.
  • Perform residual risk assessments and prepare detailed reports for review by senior stakeholders.
  • Conduct reviews of new projects, system changes, and transitions to assess their impact on the risk profile.
  • Carry out top-down and thematic reviews, highlighting emerging risks and areas requiring attention.
  • Perform root-cause reviews/analysis for risk events.
  • Track key application controls and risk metrics to mitigate identified risks.
  • Elevate and document risk dispensation and exceptions in alignment with governance requirements.
  • Monitor control compliance and performance through risk scorecard, providing accurate and timely updates.
  • Track issues and management action plans, ensuring on-time remediation and escalation of delays or concerns.
  • Validate closure of completion treatment plans and confirm risk reduction measures are effective.
  • Prepare and deliver materials for CIO line of Business risk forums to enable informed decision making.
  • Review and maintain alignment with IT standards, processes and regulatory obligations.
  • Identify control gaps or non-compliance and provide advisory to stakeholders on remediation options.
  • Support audit readiness, engagement and closure activities to improve audit outcomes and maintain a strong control environment.

Job description

The role is responsible for supporting the Technology and Operations (T&O) division in managing First Line of Defence (1LOD) risk activities across Chief Information Officer (CIO) functions. This includes coordinating and overseeing risk identification, assessment, mitigation, and monitoring, as well as managing technology risk–related internal and external audit engagements.

The individual will partner closely with CIO teams and stakeholders across the three lines of defence, including internal and external auditors, to deliver targeted risk outcomes. The key responsibilities include establishing proactive risk identification processes, advising on control operating effectiveness, and identifying gaps or non‑compliance with technology control standards or country‑specific regulatory obligations.

The role also ensures comprehensive management audit oversight, including the creation, maintenance, and tracking of audit observations, management action plans, and remediation progress. Continuous monitoring of risks, issues, and action items is required to ensure timely remediation and escalation to senior management where necessary. Acting as a trusted risk subject matter expert, the individual will drive improved audit outcomes, maintain a strong control environment, and support timely closure of audit actions and identified gaps throughout the audit lifecycle.
