IT Risk Manager - Sandton, South Africa - Discovery Ltd.

Discovery Ltd.
Sandton, South Africa

1 week ago

Posted by: Thabo Mthembu, beBee Recruiter


Description

Business Unit: Discovery Life
Function: IT Risk Management
Date: 30 Apr 2024 - Discovery Life
IT Risk Manager
About Discovery

  • Discovery's core purpose is to make people healthier and to enhance and protect their lives. We seek out and invest in exceptional individuals who understand and support our core purpose, and whose own values align with those of Discovery. Our fast-paced and dynamic environment enables smart, self-driven people to be their best. As global thought leaders, Discovery is passionate about innovating in order to not only achieve financial success, but to ignite positive and meaningful change within our society.

About Discovery Life

  • Discovery Life is an ever-growing, fast-paced and dynamic environment that provides innovative risk assurance to individual clients. This environment thrives on customer engagement and customer experience as well as mutually beneficial relationships with our brokers and other stakeholders. It is important for our employees to provide a world-class service to our internal and external clients, thereby ensuring long and sustainable relationships.

Key Purpose


The key purpose is to establish, implement and facilitate best practice IT Risk Management principles across the companies within the Discovery Life License.


Areas of responsibility may include but are not limited to:

IT Risk Governance Maturity

  • Develop a workplan for each of the companies (Life, Invest and EB) to reach a level of optimised IT Risk Governance.
  • Manage workflows to ensure efficient delivery of the workplan.
  • Demonstrate progress and value-add against the workplan.

Regulatory Visits, Returns and Feedback

  • Complete IT Risk returns for regulators.
  • Coordinate regulatory visits related to IT Risk, including drafting all material required for the visits.
  • Report on the completion of IT related actions and recommendations from regulators. The IT Risk Manager will liaise with the relevant action owners in providing this update.

Risk Policies and Frameworks

  • Facilitate the rollout of IT Risk policies and frameworks within business.
  • Provide training to staff on IT Risk Management.

The IT Risk Profile

  • Develop and maintain the IT Risk Profile.
  • Present the IT Risk Profile and Dashboards at the Risk EXCOs.
  • Develop IT Risk Appetites for the businesses.
  • Develop IT KRIs with full coverage of the IT Risk Profile.
  • Establish and maintain the Emerging IT Risk Profile.

Risk Assessments

  • Conduct IT Risk Assessments and Deep Dives.

IT Risk Reporting

  • Prepare the IT Risk Report and Dashboard for Risk EXCOs.
  • Prepare the monthly IT KRI Report.

Representation at Meetings

  • Act as a representative of the CIOs, Head of Risk or Life Licence for IT Risk in meetings, communication and with staff as required.
  • Champion and lobby the IT business case in meetings and communication.
  • Provide memo-style feedback to the CIOs and Head of Risk of governance meetings and forums attended.

Combined Assurance IT Work

  • Oversee and report on the closing of Risk Management, Audit and Compliance IT findings within the company.
  • Develop and maintain a combined assurance IT findings report.

Education and Experience

Essential:


  • Matric
  • Degree or Diploma from an accredited institution
  • 5 years' work experience in IT.
  • 2 years' work experience in a risk management or related position.

Advantageous:


  • 3 years' work experience as a senior IT Risk Analyst, IT Auditor, or IT Compliance Analyst.
  • 5 years' work experience in the financial or insurance industry.
  • Previous work experience handling IT governance both internally and with external supervisory bodies.
  • BCom, BSc (Risk Management, or IT)

Technical Skills and Knowledge

Essential:


  • A solid understanding of IT systems, networks, infrastructure, and software is essential. This includes knowledge of different operating systems, databases, programming languages, and IT architectures.
  • Familiarity with risk management frameworks such as COSO, ISO 31000, or NIST is crucial. This involves the ability to identify, assess, and prioritise risks specific to IT environments.
  • Understanding of relevant regulations and compliance requirements applicable to the SA financial sector.
  • Knowledge of cybersecurity principles, best practices, and emerging threats is essential for assessing and mitigating IT risks effectively.
  • Strong analytical skills are necessary for assessing complex IT systems and identifying potential vulnerabilities or weaknesses that could pose risks to the organization.
  • Effective communication skills are essential for conveying risk-related information to stakeholders at all levels of the organization, including technical and non-technical audiences.
  • Ability to manage projects related to risk assessment, mitigation, and compliance initiatives within the IT department.
  • The capability to quickly identify and address issues related to IT risk managemen
