  • Posted: May 22, 2020
    Deadline: Not specified
  • Imagine a world where people live healthier, more enhanced and protected lives… A world in which each organisation is a powerful influencer and responsible corporate citizen, committed to being a force for social good. As a leading innovator in healthcare, wellness, insurance, investments, financial and life planning, Discovery works ceaselessly to...

    IT Risk Specialist

    Key Purpose of the role

    This position will report to the Head of IT Risk. The successful candidate will be required to facilitate and assist in the development and implementation of an end to end risk management programme for the Discovery Group in respect of Information Technology and Project risk disciplines and contribute to the development and risk management activities at Group level. The portfolio is subject to change as the need requires and currently includes all entities and operations within the Discovery Group both locally and internationally.

    Areas of responsibility may include, but are not limited to

    • The successful candidate will be required to perform the following key outputs, among others, in respect of the IT and Project risk portfolio

    IT Risk Management

    • Implement the overall risk management programme and processes for the relevant portfolio on par with best practice. This would include the following:
    • Facilitate and assist in the development, maintenance and roll out of the risk management programme and the maturity of risk management practices across the Group
    • Effectively utilise the GRC system
    • Establish and maintain up to date risk universes, risk registers and risk profiles
    • Establish, implement and monitor risk appetites and key risk indicators
    • Create and maintain a control and process library
    • Train on and roll out new and existing policies, frameworks and registers
    • Provide support, education and training on risk management principles to build awareness of IT risk
    • Identify and communicate improvements required to mature the risk and control environment
    • Co-ordinate and work with other risk officers ensuring that group risks are considered and that effective communication and sharing of knowledge takes place for risk management across the group to be applied effectively
    • Ensure combined assurance activities and updates are carried out as required
    • Participate in and co-ordinate staff in alignment with group wide activities and ad hoc risk requests from the Head of IT Risk
    • Assist the Head of IT Risk on any risk activity requested on an ad hoc basis
    • Manage the process of identifying and assessing risks that may pose a threat to the achievement of business objectives. This could include the following:
    • Facilitate risk workshops for principal and strategic risks
    • Establish and define “risk appetite” for the various risks identified
    • Risk event identification, reporting, analyses and investigation
    • Risk and control assessments
    • Deep dives and independent risk reviews on key inherent, residual and high impact risks, processes and scenarios
    • Emerging risk reviews and assessment through data analysis and trending
    • Compiling risk reports and dashboards based on the output of assessments performed
    • Updating risk portfolios and registers
    • Reporting of risk to various audiences, such as Mancos, Excos and other boards or forums, for them to understand their accountability for the risks
    • Monitoring, evaluating and challenging the various areas on their successes or failures in managing their risk. This could include the following:
    • Following up with Risk champions and first line risk officers on monthly progress
    • Demonstrate value add of risk activities to business needs and objectives
    • Build capacity within the appointed first line roles by providing guidance, training, support and challenge of risk outputs from the first line
    • Ensure that the IT risk system is fully utilised by first line to adequately and effectively manage their portfolio as well as the required business users

    Project Risk Management

    • Execute the operational plans and management of IT and Projects portfolio as well as improving the maturity of the project risk programme in order to deliver on the full requirements of the ERM framework. This includes the following:
    • Facilitate and assist in the development, maintenance and roll out of the project risk framework and the maturity of project and change risk management across the Group
    • Monitor and report on the top 10 to 15 high impact projects across the Group
    • Facilitate change and project risk workshops and processes and build capacity in the business to apply the project risk framework
    • Identify high impact projects across the Group and maintain the register of high inherent projects
    • Co-ordinate with risk officers in first and second line providing support for monitoring projects not overseen by the project risk specialist
    • Review and challenge project and change risk assessments conducted by first line and business
    • Prepare dashboards and reports on projects as required for various audiences and in accordance with the specific timelines
    • Identify and report risk incidents arising from project risk oversight

    Governance, Risk and Compliance (GRC) system

    • Develop appropriate dashboards and reports for various levels of risk reporting
    • Assist with strategic planning through intelligence derived from the system
    • Manage outputs of combined assurance effectively through the system
    • Produce and maintain process and data flows
    • Act as the champion for the integrated system
    • Administer other third party applications as required
    • Train and support all users of the system

    Data Analysis and Report Automation

    • Manage and implement automated reporting to achieve efficiency in risk management activities, processes and reporting. This could include the following:
    • Analyse information or data in a structured and reusable format
    • Create and present dashboards of data analysis outputs
    • Incorporate data analysis to proactively identify risks based on the risk universe
    • Link risks currently on the register to data specific matrices that can be analysed using data
    • Automate reports from information contained within the GRC system as well as various other sources
    • Identify new and improved ways of using data analytics to improve risk management oversight of the business environment
    • Analyse IT-related incidents from a trending, impact and root cause perspective


    The successful candidate must demonstrate the following competencies

    • Takes initiative and works under own direction with the ability to make quick, clear choices which may include tough choices or considered risks
    • Upholds ethics and values and demonstrates integrity
    • Shows respect for the views and contributions of others
    • Demonstrates a willingness to share information
    • Strong negotiating and influencing skills
    • Excellent communication skills. The candidate should speak fluently and be able to write in a well-structured and logical manner
    • Demonstrates an understanding of different organisational departments and functions
    • Ability to analyse and assess various data and break them into component parts, patterns and relationships
    • Sets high standards for quality and quantity and can work in a systematic, methodical and orderly manner
    • Adapts to changing circumstances
    • Handles criticism constructively and learns from it


    Education And Experience

    • Minimum IT degree level education (BCom or BSc in information systems or computer science) with either CISA or CRISC
    • Preferably a postgraduate IT risk qualification and/or project management (PMP/PRINCE2) accreditation
    • Minimum 5 years of experience in an IT enterprise risk environment
    • Must have advanced experience and knowledge of the full COBIT and ITIL frameworks as well as IT infrastructure, systems and IT governance
    • Must have experience in project risk management and systems implementation
    • Must have experience in data analytics using specific tools such as Power BI, IDEA, ACL or SQL
    • Relevant legislative knowledge
    • Advanced knowledge of Excel, Word, PowerPoint, Power BI and Teams

    Method of Application

    Interested and qualified? Go to Discovery Limited on to apply