IT Risk Manager

Jul 14, 2021

Purpose of the job:

Provide oversight and assurance on the compliance of IT policies and processes to the ERMF (including related policies) and industry best practices, rules, and regulations; conduct IT risk and controls monitoring reviews (including projects and new products, report observations to management and relevant governance structures, provide recommendations on required remedial actions, and monitor implementation thereof.

High-Level Objectives:

  1. Strategic Initiatives and Planning

  2. Review and evaluation of IT strategies and alignment with a business plan and strategic initiatives.

  3. Risk oversight of strategic initiatives particularly in relation to strategic partnerships with Fintech companies or outsourcing arrangements with IT vendors.

  4. Operational

  5. Provide assurance that IT Division applies the organisation’s approved risk management frameworks as it relates to technology and information systems.

  6. Facilitate effective business continuity and disaster recovery planning and testing.
  7. Provide oversight and challenge on the identification, assessment, monitoring, mitigation, and reporting of IT, and Cybersecurity related risks within the organisation.
  8. Monitor IT incidents and response management.
  9. Evaluate and advise on the appropriateness of governance structures for Information Technology management.
  10. Monitor adherence to Programme Governance and System Development Life cycle standards for Business and strategic initiatives with technology as a key enabler.
  11. Monitor the organisation’s Cybersecurity risk and control environment and highlight any unmitigated risk exposures.
  12. Provide oversight and assurance on the management of IT risks within IT and relevant business areas (including major IT initiatives/ projects).
  13. Provide guidance and effective challenge on the IT risks assessments performed on new products, processes, systems, and projects.
  14. Review and provide advice on efforts to create/ uphold IT risk management and Compliance and initiatives to preserve IT security throughout the bank.
  15. Effectively communicate IT compliance standards to IT department and relevant business areas.
  16. Drive IT Risk awareness training programs.
  17. Liaise with the Compliance department to keep abreast of and communicate IT regulatory requirements to IT and relevant Business Units, as well as review action plans to assess compliance thereto.
  18. Provide accurate reports and discuss results with key stakeholders and provide appropriate recommendations or conclusions.
  19. Regularly benchmark IT risk management practices to industry best practices.
  20. Provide ongoing feedback and reports on the bank’s IT risk profile and management thereof.

  21. Keep abreast of and manage IT Risk expectations from internal and external stakeholders.

  22. Personal Development

  23. Manage own performance throughout the year.

  24. Invest in personal development.

  25. Stakeholder Management

  26. Manage expectations of internal and external stakeholders.

Qualification and experience required:

  • Relevant BCom degree or Diploma specialisation in IT, Risk Management, Auditing or equivalent qualification is essential.
  • CISA (Certified Information Systems Auditor) or CISM (Certified Information Systems Manager).
  • At least 5 years of Risk experience is essential.
  • 3-5 years of experience in IT Risk Management, Audit, or IT security is essential.
  • In-depth knowledge of security issues, techniques, and implications across all existing computer platforms.
  • At least 5 years’ experience in a similar specialist role is essential.
  • Experience in the financial services industry.

Desired Skills:

  • Communication (Written and Verbal)
  • Computer Literacy
  • Internet and Mobile Security Understanding
  • Information Technology Risk Management
  • Knowledge of relevant banking acts and regulations
  • Risk Identification and Management
  • Technology Acumen
  • Analytical skills
  • Attention to detail
  • Ability to work under pressure
  • Ability to work independently
  • Time management.
  • IT
  • IT Risk Management
  • IT Audit
  • CISA
  • CISM
  • IT Security
  • Financial Services Industry

Desired Work Experience:

  • 5 to 10 years Banking
  • 5 to 10 years IT Project Administration / Management

Desired Qualification Level:

  • Degree

Learn more/Apply for this position