IT Risk Manager at Santam Insurance

KEY RESPONSIBILITIES
The primary responsibility of the IT Risk Manager:

• Define and implement the Framework for the Management of IT Risk in alignment with the System of Governance for IT across the Santam Group. 
• Assist in designing and implementing policies, standards, and procedures to protect sensitive data and ensure operational continuity. 
• Identifying, monitoring and responding to incidents, and advising management on mitigation strategies. 
• Prepare the Santam Group IT Governance, Risk and Information Security Report for the Santam Risk Committee and Board. 
• Prepare the IT-related risks, including the top 10 to the SGT Audit and Risk Forum. 
• Ensure that outstanding IT Audit findings (internal and external audit findings) within STS are constantly followed up on and driven to resolution. 
• Conduct regular training and awareness sessions (in person, virtual or training material) regarding IT risk management and the roles the various parties play in the management of IT Risk.

QUALIFICATIONS AND EXPERIENCE

• Relevant Bachelor’s Degree, e.g. B.Com (Information Systems) in the related field, or
• Equivalent work experience in the field
• 3 to 5 years IT Audit / IT Risk Management work experience
• CISA / CRISC / CGEIT or similar certification will be advantageous 

COMPETENCIES

• Influence and Communication
• Collaboration and Teamwork
• Adaptability and Continuous Learning
• Learning Agility
• Cultural Influence and Education
• Regulatory and Compliance Knowledge
• Conflict Resolution and Negotiation
• ADDITIONAL COMPETENCIES AND SKILLS

Technical Proficiency:

• Risk Assessment: Proficiency in conducting thorough IT risk assessments, identifying weaknesses, and evaluating potential risks.
• Technical Compliance: Strong understanding of industry standards, regulations, and best practices such as Cobit, ISO 27000 series, applicable Joint Standards, ITIL and King IV
• Report Writing: Excellent report writing skills
• Presentations: Proficiency in building PowerPoint decks to assist in conveying key messages

Risk Expertise:

• Risk Management: Skill in assessing and prioritising risks, as well as developing and implementing risk mitigation strategies.
• Communication and Collaboration:
• Stakeholder Engagement: Strong communication skills to engage with executives, technical teams, and non-technical stakeholders about risk matters.
• Cross-Functional Collaboration: Ability to collaborate with IT, legal, compliance, and business teams to integrate security practices across the organization.
• Problem Solving and Decision Making:
• Analytical Thinking: Proficiency in analysing complex issues, assessing potential impacts, and making informed decisions.
• Critical Thinking: Capability to evaluate incidents and risks to devise effective solutions.