IT Risk Manager at Momentum Metropolitan Holdings Limited

Role Purpose    

• The IT Risk Manager is responsible for leading the identification, assessment, monitoring, and reporting of technology risks across the organisation, ensuring that technology risks are effectively governed in line with the Group Digital and Technology’s risk appetite, regulatory obligations, and strategic objectives.
• The role has primary accountability for IT and technology risk and secondary accountability for operational risks that arise from, or are enabled by, technology, data, automation, and system-dependent business processes.
• The incumbent will act as a key risk partner to technology, data, security, and business teams, translating technical risk into clear business impact for senior decision-makers.

Requirements    

• Bachelor’s degree in a relevant field (Information Systems / Computer Science / Informatics / Engineering / Accounting with IT focus, etc.)
• 5 years relevant experience in technology risk / IT audit / risk assurance, with at least 2–3 years in an audit firm (Big 4 or reputable mid-tier) strongly preferred.
• Demonstrated experience in:
• Technology risk assessments and controls testing
• Audit-style documentation and remediation tracking
• Senior stakeholder engagement and reporting
• Exposure to at least one of: AI/data programmes, cloud transformation, advanced analytics initiatives, or digital platform delivery.

Professional Certifications (advantageous)

• CRISC – Certified in Risk and Information Systems Control
• CISA – Certified Information Systems Auditor
• CISM – Certified Information Security Manager
• Other relevant governance, risk, or technology certifications 

Duties & Responsibilities    

Primary Accountability: IT Risk Management

• Lead enterprise-level IT and technology risk assessments across infrastructure, applications, cloud environments, data platforms, and digital solutions.
• Identify, assess, and monitor risks relating to:
• IT General Controls (access management, change management, IT operations)
• Application and automated controls

System availability, resilience, and recoverability

• Cyber and information security governance (in partnership with Security teams)
• Evaluate control design and operating effectiveness using audit-grade methodologies, including evidence standards, sampling, issue grading, and remediation tracking.
• Maintain a structured view of inherent risk, control effectiveness, residual risk, and risk acceptance.
• Ensure alignment of technology risk assessments to recognised governance and control frameworks (e.g. COBIT, ISO-aligned practices, NIST-informed approaches).
• Secondary Accountability: Technology-Enabled Operational Risk
• Identify and assess operational risks that are driven or amplified by technology, including risks arising from:
• System dependency and manual workarounds
• Process automation and digitisation
• Data quality and integrity
• Technology-supported decision-making and analytics
• Evaluate business process failure scenarios where technology breakdowns, control weaknesses, or poor system design could lead to:
• Financial loss
• Customer harm
• Regulatory breaches
• Operational disruption or service degradation
• Classify technology risks in line with the organisation’s Operational Risk taxonomy, ensuring consistency in impact, likelihood, and appetite measurement.
• Partner with Operational Risk and Business teams to ensure appropriate risk ownership, monitoring, and remediation for technology-enabled operational risks.

Emerging Technology, Data, and AI Risk

• Assess technology risks associated with emerging technologies, including AI, advanced analytics, data science, and automation initiatives.
• Support governance over AI and data-driven solutions
• Apply structured, recognised approaches to AI and data risk management
• Act as a risk advisor to technology and data teams during solution design and implementation, ensuring risks are identified early and managed pragmatically.

Risk Reporting and Senior Stakeholder Engagement

• Produce clear, concise, and decision-focused risk reporting for senior management, risk committees, and executive forums.
• Translate complex technology risks into business-relevant insights, highlighting:
• Key risk drivers
• Trends and emerging risks
• Control weaknesses and remediation status
• Potential operational and financial impact
• Provide input into enterprise risk profiles, ensuring technology and technology-enabled operational risks are accurately represented.

Audit Coordination and Support

• Act as a key technology risk contact for internal audit, external audit, and regulatory engagements.
• Support audit planning, walkthroughs, issue management, and remediation validation relating to technology and technology-enabled operational risks.
• Ensure audit findings and management actions are tracked, evidenced, and closed in line with agreed timelines and quality standards.

Risk Projects and Change Initiatives

• Participate as a technology risk lead on strategic initiatives and projects, including system implementations, cloud migrations, vendor onboarding, and digital transformation programmes.
• Assess technology and operational risks introduced by change and ensure appropriate controls, governance, and risk decisions are documented

Competencies    

Technical and Professional Skills

• Strong IT risk and controls expertise
• Sound understanding of technology-enabled operational risk
• Ability to assess complex systems and translate risk into business impact
• Structured analytical thinking and strong professional judgement

Communication and Leadership

• Clear, confident communication with senior stakeholders
• Collaborative and pragmatic approach to risk management

Personal Attributes

• High integrity and accountability
• Strong sense of ownership and follow-through
• Curiosity and willingness to continuously learn in evolving technology environments
• Calm, professional presence under pressure

Closing Date    

• 2026/02/12