IT Risk Manager - Centurion at OUTsurance

Job Description

• Any business is exposed to a variety of risks. An IT Risk Manager is a key role in the Risk Management Department to enable management and risk owners to identify and mitigate those risks. The purpose of the role is to be part of a team that facilitates a comprehensive process for identifying, assessing, mitigating, monitoring and reporting on risks that the Group face or may face in line with the Group Risk Management Strategy.
• The IT Risk Manager reports to the Head of Risk Management South Africa, managing an IT Risk Specialist and working with other Risk Managers and Risk Specialists in the team.
• Amongst the other requirements noted here, the successful candidate will require a good understanding of the business activities of our Group and will be able to demonstrate a passion for and a keen interest in IT Governance, IT Support, IT Development and Cybersecurity risk management.

Key outputs will include the following:

• Facilitate and plan workshops with department managers and heads (first line of defence risk owners) to identify, categorize, assess and rate IT-related risks;
• To pro-actively identify potential risks in addition to the above processes, providing second line risk monitoring, challenge and review and ensuring that effective risk management processes are in place for IT related risks;
• To ensure the risks as mentioned above are captured on the risk management system and to maintain the register of risks through regular updates and workshops;
• Analyze different reports to identify risks and controls within each department;
• To report to the Head of Risk Management on the IT Risk Registers;
• Monitor effectiveness of controls, identify and monitor Key Risk Indicators in relation to approved risk appetite;
• To collaborate with other risk management teams in SA and across the Group for risk reviews, system or best practice information sharing or projects;
• Submit monthly and quarterly detailed reports of IT risk projects and risk profiles and submit an annual IT and Cyber Security report as part of the Group’s Own Risk and Solvency Assessment report;
• Co-ordinate and/or participate in IT related Regulatory information requests, questionnaires, reports, on-site meetings and presentations;
• To maintain awareness and understanding of the relevant Industry or IT related Standards, and Regulatory requirements with a view to apply these in risk management practices, assessments and ultimately to provide guidance to first line risk owners where policies, processes and procedures must be updated accordingly, this includes to provide comments and input where relevant into changing regulatory requirements;   
• Monitor, assess, quantify and report on risk events;
• Identification, calculation and reporting of operational losses, especially related to Information Security, IT Development and IT Support;
• Facilitate the weekly Information Security monitoring; and
• Develop and maintain knowledge and insights of the business and external environments.

Combined Assurance

• Attend various relevant company forums and meetings and actively participate in the activities;
• Interact with various stakeholders, including management, Internal Auditors, Compliance and Quality Assurance teams;
• Relationship building with internal and external stakeholders; and
• Maintain a high level of understanding of possible risks and procedures in each department.

Risk Management Reporting

• Submit monthly and quarterly detailed reports of risk profiles, operational incidents, IT project risks, and losses; submit an annual IT and Cyber Security report as part of the Group’s Own Risk and Solvency Assessment report; and
• Provide input to reports to relevant committees, including but not limited to the Internal Risk Committee, Board reports and Audit, Risk and Compliance Committee.

Special Reporting and Other projects
Participate as an individual or as part of a project team on special projects such as:

• Environmental, Social and Ethics (ESG) report; and
• Own Risk and Solvency Assessment (ORSA).

 
Qualifications
Essential

• Information Technology or Risk Management degree/qualification or currently studying towards an Information Technology or Risk Management qualification;
• 5 to 15 years of experience within an IT/Risk environment;
• A strong technical background and knowledge of IT governance, services, processes, and assurance; and
• Proficient in MS Office Suite.

Advantageous 

• Experience in IT Risk Management; and
• Certifications (ISACA - CISM, ISACA - CISA, ISACA – CRISC, COBIT Foundation, ITCA Cybersecurity Fundamentals Certificate).

Competencies & Attributes

• Good interpersonal relationships;
• Ability to operate and think independently;
• Problem-solving;
• Decision making;
• Attention to detail;
• Ability to meet deadlines and set priorities;
• Organizing and planning;
• Ability to work under pressure;
• Ability to learn quickly;
• A good sense of judgement;
• Strong written and verbal communication skills;
• Self-disciplined and self-motivated;
• An analytical thinker;
• Takes ownership and responsibility; and
• Must maintain strict confidentiality and integrity.