Any business is exposed to a variety of risks. The IT Risk Manager is a key role in the Risk Management Department, enabling management and risk owners to identify and mitigate those risks. The purpose of the role is to be part of a team that facilitates a comprehensive process for identifying, assessing, mitigating, monitoring and reporting on risks that the Group faces or may face, in line with the Group Risk Management Strategy.
The IT Risk Manager reports to the Head of Risk Management South Africa, managing an IT Risk Specialist and working with other Risk Managers and Risk Specialists in the team.
Amongst the other requirements noted here, the successful candidate will require a good understanding of the business activities of our Group and will be able to demonstrate a passion for and a keen interest in IT Governance, IT Support, IT Development and Cybersecurity risk management.
Key outputs will include the following:
- Facilitate and plan workshops with department managers and heads (first line of defence risk owners) to identify, categorize, assess and rate IT-related risks;
- To proactively identify potential risks in addition to the above processes, providing second line risk monitoring, challenge and review, and ensuring that effective risk management processes are in place for IT-related risks;
- To ensure the risks as mentioned above are captured on the risk management system and to maintain the register of risks through regular updates and workshops;
- Analyze different reports to identify risks and controls within each department;
- To report to the Head of Risk Management on the IT Risk Registers;
- Monitor effectiveness of controls, identify and monitor Key Risk Indicators in relation to approved risk appetite;
- To collaborate with other risk management teams in SA and across the Group for risk reviews, system or best practice information sharing or projects;
- Submit monthly and quarterly detailed reports of IT risk projects and risk profiles and submit an annual IT and Cyber Security report as part of the Group’s Own Risk and Solvency Assessment report;
- Co-ordinate and/or participate in IT-related regulatory information requests, questionnaires, reports, on-site meetings and presentations;
- To maintain awareness and understanding of the relevant industry or IT-related standards and regulatory requirements, with a view to applying these in risk management practices and assessments, and ultimately to provide guidance to first line risk owners where policies, processes and procedures must be updated accordingly; this includes providing comments and input, where relevant, into changing regulatory requirements;
- Monitor, assess, quantify and report on risk events;
- Identification, calculation and reporting of operational losses, especially related to Information Security, IT Development and IT Support;
- Facilitate the weekly Information Security monitoring; and
- Develop and maintain knowledge and insights of the business and external environments.
- Attend various relevant company forums and meetings and actively participate in the activities;
- Interact with various stakeholders, including management, Internal Auditors, Compliance and Quality Assurance teams;
- Relationship building with internal and external stakeholders; and
- Maintain a high level of understanding of possible risks and procedures in each department.
Risk Management Reporting
- Submit monthly and quarterly detailed reports of risk profiles, operational incidents, IT project risks, and losses; submit an annual IT and Cyber Security report as part of the Group’s Own Risk and Solvency Assessment report; and
- Provide input to reports to relevant committees, including but not limited to the Internal Risk Committee, Board reports and Audit, Risk and Compliance Committee.
Special Reporting and Other projects
Participate as an individual or as part of a project team on special projects such as:
- Environmental, Social and Ethics (ESG) report; and
- Own Risk and Solvency Assessment (ORSA).
- Information Technology or Risk Management degree/qualification or currently studying towards an Information Technology or Risk Management qualification;
- 5 to 15 years of experience within an IT/Risk environment;
- A strong technical background and knowledge of IT governance, services, processes, and assurance; and
- Proficient in MS Office Suite.
- Experience in IT Risk Management; and
- Certifications (ISACA – CISM, ISACA – CISA, ISACA – CRISC, COBIT Foundation, ITCA Cybersecurity Fundamentals Certificate).
Competencies & Attributes
- Good interpersonal relationships;
- Ability to operate and think independently;
- Decision making;
- Attention to detail;
- Ability to meet deadlines and set priorities;
- Organizing and planning;
- Ability to work under pressure;
- Ability to learn quickly;
- A good sense of judgement;
- Strong written and verbal communication skills;
- Self-disciplined and self-motivated;
- An analytical thinker;
- Takes ownership and responsibility; and
- Must maintain strict confidentiality and integrity.
An ideal candidate will be able to align their personal work values to the OUTsurance values of Awesome Service, Dynamic, Honest, Human, Passionate and Recognition.
In accordance with OUTsurance Insurance Company Ltd Employment Equity goals, preference will be given to individuals who meet the job requirements and are from the various designated groups.
- Information Technology
About The Employer:
OUTsurance has been propelling the South African insurance industry forward for the last 25 years. As leaders in the field, we’re always looking for innovative ways to create digitally advanced solutions, without losing sight of our human values. Our continued success can be attributed to outstanding employees who set the bar high with their energy and expertise. If you’re keen to grow your career in a vibrant environment with lots of ‘fun’, this could be the career opportunity you’ve been looking for.
What do you get OUT?
OUTsurance has been voted Top Employer South Africa since 2022. Our people vision is to be a great company to work for where you always get something OUT.
We offer our employees:
– A winning, fun and inclusive company culture that embraces diversity.
– Great Rewards and Recognition programs.
– Benefits (Medical Aid, Pension fund, Group life and Disability benefits)
– Growth opportunities (we hire talent, train skill and promote values driven leaders from within)
– Wi-Fi on campus and Emergency Panic-Assist through the OUTsurance app
– Employee wellness programs: Free Counselling, Legal Advice and Financial Coaching for you and members of your household.
– Casual Dress Code
– Central office location with shuttles to and from the Gautrain station and Centurion Taxi Rank
– Onsite Clinic, Canteen, Carwash, Barber, Beauty Salon and Sports facilities
– Day care centre during public school holidays
– Maternity Expressing Rooms
– Prayer Rooms
– A chance to give back (Staff Helping SA OUT volunteer program) and much more…