IT Risk Manager

Centurion, Gauteng
Posted more than 30 days ago
Company:
Keo-Kutlwi Group (Pty) Ltd
Company Description:
Keo-Kutlwi Pty Ltd t/a k2 Human Capital consultancy is an HR company providing HR support including recruitment to other businesses.
Contract Type:
Full Time
Experience Required:
3 to 4 years
Education Level:
Bachelor
Gender:
Any
Number of vacancies:
1

Job Description

Summary: The role will be positioned within the risk management function. The function’s purpose is to ensure that industry best practice risk management frameworks, controls and risk treatment plans are in place and executed and that the required monitoring of and reporting on IT risk exposure to the Chief Risk Officer (CRO) and the Chief Information Officer (CIO) occurs.
The role is required to provide overall leadership, vision and direction to the IT risk management function by supporting the achievement of the business’ strategic objectives. The incumbent will be considered as the thought leader of IT risk and is expected to ensure that IT risks are appropriately assessed, measured, prioritized and reported to the relevant stakeholders.

DUTIES AND RESPONSIBILITIES
• Take overall accountability of the IT risk management function, ensuring that the objectives of IT risk management meet the business’ strategic objectives
• Develop, establish, and implement policies and frameworks for IT risk management, including the consideration of the necessary risk appetite statements and key risk indicators
• Perform and monitor IT risk assessments, which comprise identifying, assessing, measuring, prioritizing and reporting risks that may impact the business
• Work closely with business and IT risk owners to co-create plans and solutions and ensure proactive risk management is embedded in the business / risk owners’ processes
• Develop remedial plans with IT risk owners to manage IT risks to desired levels on an ongoing basis
• Provide assurance on material IT risk exposures to the CRO and Executive Committee
• Driving the embedment of the applicable information technology regulatory and compliance standards
• Challenging the IT risk profile through risk assessments and control adequacy reviews
• Reporting on IT risk exposures, the IT risk profile and associated mitigating plans to the relevant governance structures level
• Submission of the necessary quarterly IT risk assessments to Group IT
• Attending the Risk Forum, the IT Risk committee and any other quarterly governance meetings deemed appropriate
• Liaising with internal and external audit, thus managing all IT-related audits, including the tracking of IT-related audit findings
• Ensure that regular (at least quarterly) Logical User Access Management assessment is completed
• Ensure quarterly SANS Top 20 is submitted to IT Security
• IT subject matter expert as part of the third-party risk assessment and onboarding process within
• Support the Business Continuity Champion during the annual disaster recovery testing process, where deemed appropriate

QUALIFICATIONS REQUIRED
• A relevant degree in Computer Science, Information Technology, Risk Management or equivalent at NQF level 8.

EXPERIENCE REQUIRED
• At least 4 years in an IT or information security risk management role
