IT and Information Risk Analyst at Investec Asset Management

You will form an integral part of the 2LoD function, responsible for providing an independent opinion on the management of information and technology risk across the business, challenging areas of mitigation or control weakness, and identifying and coordinating assurance activities based on the current and future risk profile of the business. You will partner with risk managers and control owners in the business, oversight colleagues in risk and compliance, and the third line internal audit team.

•     SME insight, advice and understanding of IT risks across the group
•     Knowledge of new technologies and associated vulnerabilities and risks
•     Familiarity with information, technology and cyber risk within financial services
•     Facilitate maintenance and ongoing enhancement to the risk management framework
•     Ensure alignment of the framework with industry best practice and regulatory requirements
•     Oversee execution of the framework to ensure it is consistently implemented in the business
•     Assist in integrating the framework with the operational risk universe (e.g., BASEL, ORX)
•     Execute independent monitoring of controls and the prevalent business risk environment
•     Recommend improvements to ensure that risks are kept at acceptable levels
•     Track and review remediation actions related to key risk exposures and controls
•     Assist in monitoring compliance with technology policies and standards
•     Develop, collect and analyze relevant MI and KRI's to support monitoring processes.
•     Oversee the effectiveness of the group's security architecture and controls
•     Identify thematic concerns or control deficiencies that impact the security posture
•     Analyze security weaknesses identified through pen testing and red teaming processes
•     Keep abreast of significant new threats, vulnerabilities, and external events
•     Monitor external industry, legal and regulatory developments (e.g., IT, cybersecurity, privacy)

Other responsibilities

•     Attend and participate in relevant governance forums and committees
•     Conduct thematic or issue-based deep dives / ad-hoc assessments of pertinent risks
•     Review and form an independent risk opinion on major incidents
•     Provide input into organisational resilience and third-party risk management processes
•     Interface and partner with 1LoD risk managers and security officers

The Result 

• Minimum 5 years' experience in IT risk management, information security or cybersecurity, preferably in the financial services industry
• Solid understanding of technical, procedural and administrative IT controls
• Practical experience with risk / security tools, techniques, and technologies
• Knowledge of relevant frameworks and standards (e.g., ISO27001, SANS, NIST)
• Independent judgment with strong analytical skills
• Out-of-the-box thinking in regard to identifying and evaluating risk
• Resolute character and the ability to challenge and foster robust, constructive debate
• Effective interpersonal skills and the ability to develop positive relationships
• Ability to work independently and proactively, and be a team player