Chief Manager – IT and Operational Risks

Sui Southern Gas Company Limited

Karachi Division

On-site

PKR 2,500,000 - 3,500,000

Full time

19 days ago

Job summary

A leading gas utility company in Pakistan is seeking a Chief Manager – IT and Operational Risks to implement the risk management framework across technical departments. The ideal candidate should have a graduate degree in engineering or a BCS, with considerable experience in risk management and leadership. The role involves establishing risk frameworks, conducting assessments, and enhancing information security practices.

Qualifications

  • Minimum 9 years relevant experience in risk management.
  • Minimum 10 years experience with BCS or equivalent.
  • At least 4 years experience as a Functional / Team Lead.

Responsibilities

  • Establish and implement the risk management framework.
  • Control enterprise-wide risk assessments and monitor priority risks.
  • Lead development of information security risk management function.

Skills

Risk management
Information security
Project management
Team leadership
Stakeholder management

Education

Engineering Graduate (Mechanical / Electrical)
BCS or equivalent

Tools

ISO 31000
ISO 2700X
Risk management software

Job description

Chief Manager – IT and Operational Risks

November 10, 2025

Job Summary

The purpose of this position is to ensure implementation of the risk management framework at SSGC’s IT and Operational/Technical departments.

Qualifications

Engineering Graduate (Mechanical / Electrical) with at least 9 years of relevant experience.
BCS or equivalent with at least 10 years of relevant experience.
Candidate must have at least 04 years of relevant experience as a Functional / Team Lead.
Registration with PEC is mandatory for Engineers.
Preferred Certifications: CISA, CRISC, CISSP, etc.
Training in ISO 31000 on risk management will be a plus.

Responsibilities

  • Establishes and communicates the organization’s Enterprise Risk Management Framework, objectives and direction, and provides guidance to achieve the ERM maturity model developed by the company
  • Implements ERM Framework, Risk Culture and recommends risk management policies, risk appetite and risk limits to Executive Management.
  • Designs, communicates and facilitates the use of appropriate Enterprise Risk Management methodologies, tools and techniques across the organization.
  • Controls enterprise-wide risk assessments and monitors priority risks across the organization.
  • Leads the development / implementation of system-wide risk management function of the information security program to ensure information security risks are identified & monitored
  • Has knowledge and experience of implementation of Information Security Management Systems based on ISO 2700X
  • Advances the design, delivery, and performance of IT risk metrics and reports including the Business Impact Assessment, IT Risk Management Framework, and the management of configurations and standards
  • Assesses, evaluates and makes recommendations to management regarding the adequacy of security controls and the risks involved for the organization’s information and technology systems
  • Leads the system-wide information security compliance program, ensuring IT activities, processes, and procedures comply with defined requirements, policies and regulations
  • Leads enterprise, network, application, and cloud infrastructure risk assessments while maintaining process and procedural documentation
  • Coordinates and tracks all Operational and IT Risk, information technology and security-related assessments, including scope of assessment, parties involved, timelines, and outcomes
  • Provides insight and guidance to IT processes and projects to ensure best practices and security standards are maintained
  • Operates with a high degree of independence with regard to project management activities, including development of project plans and budget/resource estimates
  • Has excellent knowledge of and experience in information security, audit, risk management, compliance or risk consulting
  • Arranges and conducts Risk Workshops for confirmation of the Risk Registers and for identifying risks and mitigation controls of Risks
  • Provides guidance, coordination and subject matter expertise to business functions to ensure the implementation of the agreed risk management strategy
  • Works with all functional groups to establish, maintain and continuously improve risk management capabilities
  • Manages relationships with external consultants and supervises work programs
  • Plans risk management awareness activities amongst SSGC IT and Operation / Technical departments regarding the need for and importance of this exercise, as well as the correct implementation of the program, through guided training sessions and/or e-learning modules
  • Guides the IT function to undertake a thorough information systems risk assessment to understand the risks to the availability, integrity and confidentiality of data and systems
  • Ensures that such risk assessment encompasses all systems, including hardware, software, data, networks and any business processes to identify threats, vulnerabilities, probabilities of occurrence and potential impact
  • Ensures close coordination with individual technical or operational departments to articulate key risks and determine severity of impact as well as probability of occurrence, using a top‑down as well as a bottom‑up approach
  • Develops a common set of assessment criteria that can be used across operating departments and determines how much risk the organization faces
  • Identifies and analyzes risks and risk indicators pertaining to loss of critical systems, key suppliers, key employees, etc.
  • Helps the departments in categorization of risks according to a pre‑defined criterion into categories including “critical”, “catastrophic”, etc., based on level of severity and likelihood of happening (e.g. almost certain, likely, possible)
  • Assesses key risk areas including operational risk, compliance risk, legal risk, liquidity risk, etc., and provides feedback to departmental heads on steps needed to mitigate these risks