IT Risk Analyst | Risk at Allan Gray Proprietary Limited

Role summary

• We are seeking a capable and motivated IT Risk Analyst to join our Risk team. The role focuses on identifying, assessing, and helping manage technology-related risks across the organisation. The position sits at the intersection of technology, data, and business operations. It requires someone who enjoys understanding how systems, data, and processes interact within a complex organisation, and who can translate that understanding into meaningful risk insights.
• The successful candidate will work closely with technology, security, and operational teams, building an understanding of the organisation’s systems, data architecture, and key business processes. The role requires thoughtful analysis, sound judgement, and the ability to raise questions or concerns in a constructive and collaborative way.
• As technology evolves rapidly, including developments in areas such as artificial intelligence, the role will also contribute to the team’s evolving approach to technology and AI risk governance. The position offers broad exposure to technology risk within a financial services environment and provides an opportunity to grow into deeper expertise over time.

How We Think About Risk

• In our environment, effective risk management requires more than the application of frameworks and controls. It requires curiosity about how systems and processes interact, thoughtful analysis, and the ability to form balanced judgements in situations where there are rarely simple answers. While the role has a strong focus on IT-related risk, the successful candidate must adopt a broader enterprise risk perspective and actively contribute to general risk management initiatives across the business.
• We value individuals who take the time to understand how things work, who ask insightful questions, and who continuously develop their understanding as technology, regulation, and the broader business environment evolve.

Key responsibilities

• Identify, assess, and monitor IT and technology-related risks across the organisation.
• Support the development and maintenance of the organisation’s technology risk framework, policies, and controls.
• Work with technology, security, and operational teams to understand systems, processes, and controls and identify potential areas of risk.
• Develop an understanding of how core systems and data architecture support key business processes, including fund operations and fund accounting.
• Translate complex technical issues into clear and practical risk insights for stakeholders.
• Conduct risk assessments relating to technology initiatives, systems, and third-party service providers.
• Track and monitor remediation actions arising from risk assessments and control reviews.
• Monitor developments in emerging technologies and contribute to the team’s understanding of how these may affect the organisation’s risk landscape.
• Contribute to the development of risk approaches relating to new technologies, including artificial intelligence.
• Prepare and contribute to monthly and quarterly risk reporting to management and governance forums.
• Willing and able to contribute to broader risk initiatives beyond IT-related incidents and assessments, including cross-functional and strategic risk projects.
• Promote a constructive risk culture through thoughtful engagement and well-considered challenge.

Qualifications and experience

• Degree in Information Systems, Computer Science, Risk Management, Audit, Finance, Engineering, or a related field. 
• 4 –10 years of relevant experience in IT risk, technology risk, information security risk, IT audit, or a related field.
• Experience in financial services or another regulated environment is advantageous.
• Demonstrated understanding of IT systems, technology environments, or technology-related risk.
• Familiarity with IT control or risk frameworks such as COBIT, ISO 27001, or NIST is advantageous.
• Professional certifications such as CISA, CRISC, CISSP, CISM or similar are advantageous.  
• Advantageous: Fluency in a coding language such as SQL or Python, with the ability to interrogate data independently. 
• Advantageous: Proven experience using Power BI (or similar BI tools) to build dashboards and risk reporting packs.
• Experience in data analysis and presentation for reporting purposes (e.g., trend analysis, incident reporting, risk dashboards, executive-level reporting).
• Advantageous: Demonstrated experience engaging with artificial intelligence technologies, including evaluating or using AI tools, and an ability to assess and articulate the related risk implications.

Competencies and attributes

• Strong analytical thinking: Able to interpret and synthesise large volumes of information, identify patterns, and distil meaningful insights. 
• Strong data literacy, including the ability to extract, manipulate and analyse data for risk monitoring and reporting purposes. Ability to translate complex data into clear, decision-useful insights for management and governance forums.
• Conceptual and systems thinking: Able to understand how systems, data, and processes interact and identify risks across interconnected environments.
• Problem solving: Comfortable working through complex or ambiguous issues and identifying practical solutions.
• Continuous learning mindset: Demonstrates intellectual curiosity and a proactive approach to staying informed on emerging technologies, regulatory developments, and industry trends. Shows a strong ability to learn new tools, technologies, and concepts and apply them effectively in practice.
• Technology literacy: Comfortable engaging with technology teams and able to understand core IT concepts, systems, and architecture in order to interpret technology-related risks.
• Understanding of data environments: Able to develop a working understanding of data architecture, data flows, and data structures.
• Business and operational awareness: Able to understand how technology and data support operational processes, including areas such as fund operations and fund accounting.
• Constructive influence: Builds credibility through strong thinking and delivery and engages stakeholders with thoughtful, well-timed challenge that supports sound decision-making.
• High emotional intelligence: Builds strong relationships and engages stakeholders in a collaborative and respectful manner.
• Portfolio and workload management: Structured, disciplined, and reliable in independently managing multiple risk portfolios or workstreams simultaneously, while maintaining oversight and consistent follow-through.
• Proactive mindset: Anticipates issues and takes initiative to improve risk visibility and control effectiveness.
• Willingness to develop a foundational understanding of business continuity and organisational resilience concepts, in order to contribute meaningfully to integrated risk assessments that consider IT dependencies and operational resilience.

Attributes:

• Intellectually curious with a strong desire to continuously learn and improve.
• Able to process complexity and bring clarity to ambiguous situations.
• Thoughtful and balanced in forming judgements.
• Collaborative and approachable while maintaining independence of thought.
• Strong sense of ownership and accountability.
• Comfortable operating in a demanding, performance-driven environment.
• Comfortable working across operational, regulatory and strategic risk themes.
• Adaptable and flexible, comfortable operating in a continuously evolving environment where priorities may shift, while maintaining discipline, structure, and follow-through.