IT Risk Manager - Centurion, South Africa - Samaha Consulting

    Samaha Consulting Centurion, South Africa

    2 weeks ago

    Description
    Desired Experience & Qualification
    • A relevant degree in Computer Science, Information Technology, Risk Management or equivalent at NQF level 8.
    • At least 4 years in an IT or information security risk management role

    Responsibilities:
    • Take overall accountability for the IT risk management function, ensuring that the objectives of IT risk management meet the business's strategic objectives
    • Develop, establish, and implement policies and frameworks for IT risk management, including the consideration of the necessary risk appetite statements and key risk indicators
    • Perform and monitor IT risk assessments, which comprise identifying, assessing, measuring, prioritizing and reporting risks that may impact the business
    • Work closely with business and IT risk owners to co-create plans and solutions and ensure proactive risk management is embedded in the business and risk owners' processes
    • Develop remedial plans with IT risk owners to manage IT risks to desired levels on an ongoing basis
    • Provide assurance on material IT risk exposures to the company's CRO and Executive Committee
    • Driving the embedding of the applicable information technology regulatory and compliance standards
    • Challenging the IT risk profile through risk assessments and control adequacy reviews
    • Reporting on IT risk exposures, the IT risk profile and associated mitigating plans to the relevant governance structures at the company's level
    • Submission of the necessary quarterly IT risk assessments to Group IT
    • Attending the company's Risk Forum, IT Risk committee and any other quarterly governance meetings deemed appropriate
    • Liaising with internal and external audit, thus managing all IT-related audits, including the tracking of IT-related audit findings
    • Ensure that a regular (at least quarterly) Logical User Access Management assessment is completed
    • Ensure the quarterly SANS Top 20 is submitted to IT Security
    • Act as IT subject matter expert in the third-party risk assessment and onboarding process within the company
    • Support the Business Continuity Champion during the annual disaster recovery testing process, where deemed appropriate
    • Requires an in-depth knowledge of information technology issues, techniques and implications across a wide variety of existing information technology platforms
    • In-depth understanding of risk management practices
    • Knowledge of the relevant regulatory, legislative, governance, risk and compliance landscapes would be beneficial to the role
    • Understanding of Enterprise Risk Management (ERM) and Own Risk and Solvency Assessment (ORSA) practices and philosophies would also be beneficial to the role