Head Of Risk - Group IT at Momentum Metropolitan Holdings Limited

Role Purpose

• To manage the Risk team and engage and partner with Group IT around the complete Risk life-cycle.

Requirements

• BSc or BComm degree (or equivalent)
• Relevant industry certification i.e. CISA, CISM, CRISC and / or CGEIT (preferred)
• Relevant post-graduate degree (Risk Management and/or Compliance) (advantageous)
• Professional membership with ISACA (advantages)
• Registered with the Institute of Risk Management South Africa (RMSA) (advantages)
• Registered with the Institute of Compliance South Africa (ICSA) (advantageous)
• 8 - 10 years’ relevant industry experience, with at least 3 management capacity within a Risk and/or Compliance function
• Relevant industry and technical skills and experience, with an ability to provide strategic leadership where required.
• Knowledge of IT Strategy Management
• Comprehensive risk management skills encompassing the regulatory, governance, risk and compliance landscape.
• Understanding of Enterprise Risk Management (ERM), Own Risk and Solvency Assessment (ORSA) and Solvency Assessment and Management (SAM) practices and philosophy and relevant local legislation and regulations impacting risk management
• Knowledge of project management principles 

Duties & Responsibilities

• Build strong relationships with internal and external stakeholders at all levels as well as senior executives and the wider Risk, Legal and Compliance community to remove hurdles and obstacles and co-create an empowered and risk-aware culture
• Engage with GRIT Executive / leadership team to help them to grow their areas by giving them risk support and guidelines, ensuring they are operationally sound and managing compliance with regulations
• Engage with Group IT to advise them on the risk profile and to keep them in the loop of issues that need to be escalated
• Engage with Risk, Legal and Compliance teams to co-create appropriate and effective controls across the risk spectrum
• Formulate risk appetite statements for the various risk domains.
• Assess the I&O risk profile in accordance with the appetite statements.
• Develop remedial plans with risk owners to manage risks to desired levels on an ongoing basis.
• Ensure appropriate oversight over I&O’s information assets and data integrity processes.
• Oversee on-going improvements and the feasibility of system developments and enhancements.
• Promote sound governance principles around decision making.
• Oversee the management of regulatory and compliance related requirements.
• Aggregate and produce risk reporting on key risks and chair the appropriate I&O risk committee.
• Provide engagement into major change programs delivering appropriate risk expertise.
• Actively manage risks in accordance with the organisations stated risk framework. Ensure risks are properly assessed; evaluated, recorded and remedial plans are agreed and monitored to completion.
• Continually liaise with individual risk owners to understand, manage, and optimise end-to-end risk identification, assessment, monitoring, quantification, treatment, and reporting processes
• Continuously monitor and evaluate the Group IT overall risk profile across the risk spectrum, including the dentification of strategic, financial, and business risks
• Pull the Group IT risk picture together (financial risks, operational risks, and legal and compliance views) to provide a combined assurance view to the CAF (Combined Assurance Forum)
• Ensure the GRIT audit plan speaks to the risks identified in the risk plan.
• Apply analytical and connective thinking skills to question and interrogate issues from different perspectives.
• Communicate clearly and concisely, showing courage in being willing to challenge, particularly up-the-line.
• Review working risk strategy in the light of changing requirements and monitor the implementation thereof.
• Enhance relationships between own function and key internal and external stakeholders to improve reporting and wider understanding of the GRIT risk profile.