Risk Officer (Operations – Information Security and Data)
Reporting into: Risk Manager
Role Purpose: The purpose of the role is to safeguard the organization by identifying, monitoring and offering risk mitigating options to the achievement of company’s business objectives.
Qualifications and Knowledge:
- Preferred: Degree in Information Security, Computer Studies, Data Management, Risk Management, or Internal Audit
- Advantageous: Certification in Information Security
- Minimum of 5 years’ experience in Information Security, Risk Management, Systems Audit.
- General understanding of IT Security Standards
- Advantageous: ISO 3100 and COBIT
Risk Management for Current Businesses:
- Overseeing and in some areas, driving the implementation of appropriate risk control actions
- Monitoring, evaluating, and challenging the organization’s success in managing information, cyber and data risks
- Assist in identifying major information security and data management risks affecting the operational functions within the company
- Administration of the process of identifying and assessing the information security, cyber security and data management risks
- Monitor internal controls to ensure their adequacy and effectiveness and assist in the identification of appropriate enhancements to address identified weaknesses
- Conduct research when required on specific topics as required
- Compile and submit all scheduled and ad hoc risk management reports timeously and accurately
- Provide input to the development and updating of risk management policies and procedures for the organisation to ensure areas of responsibility are adequately addressed
- Assist in the maintenance of a culture within the company that emphasises and demonstrates the importance of effective Risk Management to all staff
- Assist in the training of employees on the risk management framework
- Conduct risk assessments of the operational processes and practices on an ongoing basis
- Provide input for the annual risk management plan and execute in accordance with plan
- Stay abreast of requirements related to information security, cyber and data risk management standards and best practice
Risk Management for New Business/Service:
- Provide risk support to project team regarding information security, cyber security, data management; assessment/assistance of/on their process, procedures and in identifying risk and controls associated.
- Assess adequacy of risk control frameworks for data and information security aspects of new services
- Assess the changes to the organization’s risk profile because of new services
- Conduct research on emerging technologies to provide risk management support to the business
- Identify training opportunities to enhance knowledge of new technologies
- Provide training and guidance to the risk management team on areas of focus to share knowledge and assist with cross-skilling
- Provide guidance to teams in identification, planning and execution of assurance activities relating to new technologies
Business Continuity Management:
- Initiate and collate divisional Business Impact Assessments annually.
- Work with the company DR (Disaster Recovery) resources to ensure all issues from the market DR tests are addressed.
- Ensure that responsible staff members update DR plans for core applications on an annual basis.
- Provide input to the company business continuity plan.
- Support divisions in their business continuity planning
Data and Information Security:
- Actively participate in the Information Security Board through highlighting risk considerations for operational events, current processes, or new products/services under consideration.
- Track and follow-up on issues raised in areas of focus to support timely resolution
- Provide guidance to the business on emerging data and information security risks
- Perform independent assessments of adherence to data and information security assessments against adopted standards.
- Drive the awareness and appreciation for data integrity, confidentiality, and availability principles within the organisation.
- Responsible for facilitation of assigned internal audit function reviews
- Coordination of management responses across the organisation for assigned reviews
- Validate adequacy of management’s proposed remedial actions for gaps identified
- Coordinating of organisation tracking and resolution status of previous findings
Combined Assurance Forum:
- Assist in the preparation of reports and annual assurance plans
- Identify assurance gaps in proposed plans on a regular basis
- Coordinate assurance reviews related to areas of responsibility
- Assist in reporting of various assurance activities across the organisation
- Information Security
- Risk Management
- Systems Audit
About The Employer:
Employer & Job Benefits:
- Pension Fund
- Medical Aid