Group: Snr IT Risk Management – Momentum Group Coordination at Momentum Metropolitan Holdings Limited

Role Purpose    

• Group Snr IT Risk Management (Group Coordination) is responsible for orchestrating, integrating, and elevating IT risk management across the Momentum Group’s federated operating model. The role provides group-wide visibility, consistency, and insight into IT and technology-related risks by coordinating across Business Units, identifying common themes and systemic risks, and ensuring effective reporting, remediation, and regulatory alignment.
• This role is not a BU execution role, but a group coordination, facilitation, and risk-intelligence role, enabling strong risk outcomes through collaboration, influence, and structured oversight.

Requirements    

Experience

• 8 years’ experience in risk management, with primary depth in IT Risk Management
• Strong grounding in Enterprise Risk Management within a complex organisation
• Experience operating in federated or multi-business group environments

Proven exposure to:

• IT risk frameworks and assessments
• Audit processes and regulatory engagement
• Board and executive-level risk reporting

Industry Experience:

• Financial services experience strongly preferred
• Experience in regulated environments with evolving technology and cyber risk landscapes

Qualifications

Relevant tertiary qualification in:

• Risk Management
• Information Systems
• Technology, Audit, or related discipline
• Professional certifications advantageous:
• CRISC, CISA, CISM, CGEIT, or equivalent
• Risk or governance-related certifications

Duties & Responsibilities    

Group-Wide IT Risk Integration

• Coordinate IT risk management activities across all Business Units within the federated group model
• Build and maintain a group-level view of IT risk, consolidating BU risk profiles into umbrella and systemic risk themes
• Identify cross-cutting risks, interdependencies, and concentration risks that may not be visible at BU level
• Facilitate alignment on risk interpretation, assessment approaches, and treatment strategies across BUs

Risk Insight, Trend Analysis & Thematic Identification

• Analyse IT risk data, incidents, audit findings, and remediation plans across the group to identify emerging patterns and recurring themes
• Develop forward-looking risk insights, including emerging technology risks, regulatory impacts, and operational vulnerabilities
• Drive group-wide discussions on common risk drivers and potential coordinated remediation approaches

Reporting & Governance Enablement

Support and coordinate group IT risk reporting for:

• Board-Level Committees
• Management Risk Committees
• Regulatory submissions
• Translate complex IT and technology risks into clear, decision-useful risk narratives for senior leadership
• Ensure consistency, quality, and completeness of IT risk reporting across the group
• Secondary Accountability: Risk Enablement, Assurance & Regulatory Alignment

Audit Coordination & Assurance Support

• Maintain an IT risk audit landscape, tracking audit coverage, themes, and outcomes across BUs
• Support BUs in responding to audit findings and ensure visibility of remediation progress at group level
• Identify audit-driven themes that indicate systemic weaknesses or control design issues

Remediation Facilitation & Issue Oversight

• Support and facilitate remediation of IT risk issues across BUs, particularly where issues are common or systemic
• Facilitate cross-BU collaboration on remediation strategies and good practices
• Track progress of key IT risk actions and escalate where risks remain unresolved or delayed

Regulatory & Compliance Monitoring

Monitor and interpret key technology-related regulatory and supervisory requirements, including:

• Cyber resilience and technology risk standards
• IT resilience and operational continuity requirements
• Data protection and privacy-related obligations (in collaboration with the DPO)
• Translate regulatory expectations into group-level risk implications and actions
• Work with relevant stakeholders to coordinate compliance responses and remediation efforts

Key Relationships & Collaboration

• This role is heavily relationship-driven and depends on trust, credibility, and influence rather than authority.
• Build strong, constructive relationships with BU IT Risk Managers and Risk Officers
• Act as a connector between IT Risk, Information Security, Data Privacy, BCM, and Enterprise Risk
• Facilitate risk conversations that encourage openness, learning, and shared ownership
• Support a culture of risk awareness, accountability, and proactive management

Competencies    

Technical & Risk Competencies

• Enterprise and IT risk management frameworks
• Technology risk, cyber risk, data risk, and IT resilience
• Audit coordination and issue remediation
• Regulatory interpretation and compliance alignment
• Risk reporting and governance structures

Analytical & Strategic Skills

• Ability to synthesise large volumes of risk information into clear group-level insights
• Strong thematic and trend analysis capability
• Strategic thinking with attention to operational realities

Expected Behavioral Attributes

• This role succeeds on how the work is done as much as what is delivered.
• Collaborative and facilitative – brings people together rather than imposing solutions
• Credible and grounded – trusted by peers and senior leaders alike
• Influential communicator – able to translate risk into language that drives action
• Structured and disciplined – strong follow-through and consistency
• Curious and forward-looking – anticipates emerging risks and connects dots early
• Resilient and steady – comfortable navigating ambiguity and complexity

Closing Date    

• 2026/02/11