Risk Officer (Operations – Information Security and Data)

Reporting into: Risk Manager

Role Purpose: The purpose of the role is to safeguard the organization by identifying, monitoring and offering risk mitigating options to the achievement of company’s business objectives.

Qualifications and Knowledge:

  • Preferred: Degree in Information Security, Computer Studies, Data Management, Risk Management, or Internal Audit
  • Advantageous: Certification in Information Security

Minimum Experience

  • Minimum of 5 years’ experience in Information Security, Risk Management, Systems Audit.
  • General understanding of IT Security Standards
  • Advantageous: ISO 3100 and COBIT

Risk Management for Current Businesses:

  • Overseeing and in some areas, driving the implementation of appropriate risk control actions
  • Monitoring, evaluating, and challenging the organization’s success in managing information, cyber and data risks
  • Assist in identifying major information security and data management risks affecting the operational functions within the company
  • Administration of the process of identifying and assessing the information security, cyber security and data management risks
  • Monitor internal controls to ensure their adequacy and effectiveness and assist in the identification of appropriate enhancements to address identified weaknesses
  • Conduct research when required on specific topics as required
  • Compile and submit all scheduled and ad hoc risk management reports timeously and accurately
  • Provide input to the development and updating of risk management policies and procedures for the organisation to ensure areas of responsibility are adequately addressed
  • Assist in the maintenance of a culture within the company that emphasises and demonstrates the importance of effective Risk Management to all staff
  • Assist in the training of employees on the risk management framework
  • Conduct risk assessments of the operational processes and practices on an ongoing basis
  • Provide input for the annual risk management plan and execute in accordance with plan
  • Stay abreast of requirements related to information security, cyber and data risk management standards and best practice

Risk Management for New Business/Service:

  • Provide risk support to project team regarding information security, cyber security, data management; assessment/assistance of/on their process, procedures and in identifying risk and controls associated.
  • Assess adequacy of risk control frameworks for data and information security aspects of new services
  • Assess the changes to the organization’s risk profile because of new services

Emerging Technologies:

  • Conduct research on emerging technologies to provide risk management support to the business
  • Identify training opportunities to enhance knowledge of new technologies
  • Provide training and guidance to the risk management team on areas of focus to share knowledge and assist with cross-skilling
  • Provide guidance to teams in identification, planning and execution of assurance activities relating to new technologies

Business Continuity Management:

  • Initiate and collate divisional Business Impact Assessments annually.
  • Work with the company DR (Disaster Recovery) resources to ensure all issues from the market DR tests are addressed.
  • Ensure that responsible staff members update DR plans for core applications on an annual basis.
  • Provide input to the company business continuity plan.
  • Support divisions in their business continuity planning

Data and Information Security:

  • Actively participate in the Information Security Board through highlighting risk considerations for operational events, current processes, or new products/services under consideration.
  • Track and follow-up on issues raised in areas of focus to support timely resolution
  • Provide guidance to the business on emerging data and information security risks
  • Perform independent assessments of adherence to data and information security assessments against adopted standards.
  • Drive the awareness and appreciation for data integrity, confidentiality, and availability principles within the organisation.

Internal Audit:

  • Responsible for facilitation of assigned internal audit function reviews
  • Coordination of management responses across the organisation for assigned reviews
  • Validate adequacy of management’s proposed remedial actions for gaps identified
  • Coordinating of organisation tracking and resolution status of previous findings

Combined Assurance Forum:

  • Assist in the preparation of reports and annual assurance plans
  • Identify assurance gaps in proposed plans on a regular basis
  • Coordinate assurance reviews related to areas of responsibility
  • Assist in reporting of various assurance activities across the organisation

Desired Skills:

  • Information Security
  • Risk Management
  • Systems Audit

About The Employer:

Financial Services

Employer & Job Benefits:

  • Pension Fund
  • Medical Aid

Learn more/Apply for this position