IT Risk Manager – Gauteng, Johannesburg

Role Purpose

To ensure the business risk management framework is effectively applied to technology and information systems and to oversee business continuity, security and quality. To plan, execute, and manage multi-faceted projects related to risk management, mitigation and response, compliance, control assurance, and user awareness. To oversee security strategies, policies/standards, ensuring the effectiveness of solutions, and providing security-focused consultative services to the business.

Minimum qualifications

Minimum Qualification: Relevant Diploma/Degree in Information Technology, Computer Science and/or IT Risk Management

Preferred Qualification: Certification in any of the following will be an advantage: CRISC, CISA, CISSP, CISM, CIA, PECB (ISO)

COBIT 5 certified (Foundation and Assessor)

Minimum experience

5-7 years’ relevant IT, risk, auditing, governance and compliance experience and/or management experience

Requires in-depth knowledge of security issues, techniques and implications across all existing computer platforms

Experience in the financial services industry

Key Skills

Understanding of Enterprise Risk Management (ERM), Own Risk and Solvency Assessment (ORSA) and Solvency Assessment and Management (SAM) practices and philosophy and relevant local legislation and regulations impacting risk management.

Comprehensive risk management skills encompassing the regulatory, risk governance, risk management and IT risk management landscape.

Relevant industry and technical skills and experience

Preferred: Quantitative, financial, and accounting knowledge

Key qualities

Client Centricity

Integrity, Courage, Transparency

Assertive, resilient, deadline- and solution-driven

Excellent written and verbal communication, influencing, facilitation, and presentation skills

Interpersonally agile and strong at building relationships at all levels

Conceptual and analytical with strong attention to detail

Reports to

Risk Manager

Direct reports

Internal stakeholders

Line Management, ERM Team / Broader Risk and Compliance community / Organisation

External stakeholders

Third Party Cell Captives / Client / Industry Bodies

Key role challenges

Being a trusted advisor and valued partner rather than policeman or whistle-blower (not consulted as a last resort)

Getting the balance right between supporting, influencing and challenging, as well as balancing short and long-term needs

Managing the balance between being firm, assertive and objective but at the same time responsive and open-minded

Being seen as a trusted advisor and valued partner embedded within rather than external to business

Staying abreast of regulatory, market and industry developments and trends

Managing change with stakeholders who do not want to engage

