IT Risk Manager | Centurion

Our client is looking for a highly motivated individual who is able to work at Information Technology (IT) management and the company’s leadership levels to ensure that IT risk within the company is well managed within the risk appetite of the business.

The role will be positioned within the risk management function of the company. The function’s purpose is to ensure that industry best practice risk management frameworks, controls and risk treatment plans are in place and executed and that the required monitoring of and reporting on IT risk exposure to the Chief Risk Officer (CRO) and the Chief Information Officer (CIO) occurs.

The role is required to provide overall leadership, vision and direction to the IT risk management function by supporting the achievement of the business’ strategic objectives. The incumbent will be considered as the thought leader of IT risk and is expected to ensure that IT risks are appropriately assessed, measured, prioritized and reported to the relevant stakeholders.

Responsibilities:

• Take overall accountability of the IT risk management function in the company, ensuring that the objectives of IT risk management meets the business’ strategic objectives.
• Develop, establish, and implement policies and frameworks for IT risk management, including the consideration of the necessary risk appetite statements and key risk indicators.
• Perform and monitor IT risk assessments, which comprise identifying, assessing, measuring, prioritizing and reporting risks that may impact the business.
• Work closely with business and IT risk owners to co-create plans and solutions and ensure proactive risk management is embedded in the business / risk owners’ processes.
• Develop remedial plans with IT risk owners to manage IT risks to desired levels on an ongoing basis.
• Provide assurance on material IT risk exposures to the company CRO and Executive Committee.
• Driving the embedment of the applicable information technology regulatory and compliance standards.
• Challenging the IT risk profile through risk assessments and control adequacy reviews.
• Reporting on IT risk exposures, the IT risk profile and associated mitigating plans to the relevant governance structures at a company level.
• Submission of the necessary quarterly IT risk assessments to Group IT.
• Attending the company’s Risk Forum, the company IT Risk committee and any other quarterly governance meetings deemed appropriate.
• Liaising with internal and external audit, thus managing all IT-related audits, including the tracking of IT-related audit findings.
• Ensure that regular (at least quarterly) Logical User Access Management assessment is completed.
• Ensure quarterly SANS Top 20 is submitted to the company’s IT Security.
• IT subject matter expert as part of the third-party risk assessment and onboarding process within the company.
• Support the Business Continuity Champion during the annual disaster recovery testing process, where deemed appropriate.

Skills and behavioural competencies:

• Written and verbal communication skills.
• Presentation skills.
• Influential and assertive, displaying self-confidence.
• Negotiation skills.
• Relationship management.
• Analytical skills and attentive to detail.
• Planning and organising skills.
• Upholding standards.

Knowledge:

• Requires an in-depth knowledge of information technology issues, techniques and implications across a wide variety of existing information technology platforms.
• In-depth understanding of risk management practices.
• Knowledge of the relevant regulatory, legislative, governance, risk and compliance landscapes would be beneficial to the role.
• Understanding of Enterprise Risk Management (ERM) and Own Risk and Solvency Assessment (ORSA) practices and philosophies would also be beneficial to the role.

Experience and Qualifications:

• A relevant degree in Computer Science, Information Technology, Risk Management or equivalent at NQF level 8.
• At least 4 years in an IT or information security risk management role.