No more applications are being accepted for this job
- A relevant degree in Computer Science, Information Technology, Risk Management or equivalent at NQF level 8.
- At least 4 years in an IT or information security risk management role
- Take overall accountability for the IT risk management function, ensuring that the objectives of IT risk management meet the business's strategic objectives
- Develop, establish, and implement policies and frameworks for IT risk management, including the consideration of the necessary risk appetite statements and key risk indicators
- Perform and monitor IT risk assessments, which comprise identifying, assessing, measuring, prioritizing and reporting risks that may impact the business
- Work closely with business and IT risk owners to co-create plans and solutions and ensure proactive risk management is embedded in the business / risk owners' processes
- Develop remedial plans with IT risk owners to manage IT risks to desired levels on an ongoing basis
- Provide assurance on material IT risk exposures to the company's CRO and Executive Committee
- Driving the embedment of the applicable information technology regulatory and compliance standards
- Challenging the IT risk profile through risk assessments and control adequacy reviews
- Reporting on IT risk exposures, the IT risk profile and associated mitigating plans to the relevant governance structures at the company's level
- Submission of the necessary quarterly IT risk assessments to Group IT
- Attending the company's Risk Forum, IT Risk committee and any other quarterly governance meetings deemed appropriate
- Liaising with internal and external audit, thus managing all IT-related audits, including the tracking of IT-related audit findings
- Ensure that a regular (at least quarterly) Logical User Access Management assessment is completed
- Ensure the quarterly SANS Top 20 is submitted to IT Security
- IT subject matter expert as part of the third-party risk assessment and onboarding process within the company
- Support the Business Continuity Champion during the annual disaster recovery testing process, where deemed appropriate
- Requires an in-depth knowledge of information technology issues, techniques and implications across a wide variety of existing information technology platforms
- In-depth understanding of risk management practices
- Knowledge of the relevant regulatory, legislative, governance, risk and compliance landscapes would be beneficial to the role
- Understanding of Enterprise Risk Management (ERM) and Own Risk and Solvency Assessment (ORSA) practices and philosophies would also be beneficial to the role
IT Risk Manager - Centurion, South Africa - Samaha Consulting
Description
Desired Experience & Qualification
Responsibilities: