IT Risk Specialist at Hollard Insurance

Job Advert Summary    

• Hello…an exciting new opportunity has just become available in our HINT, Risk & Compliance  area. We are looking to recruit a It Risk Specialist.
• The IT Risk Specialist as a second line of defence role will be responsible for assisting HINT subsidiary teams with maturing the internal control environment through the embedding of adequately designed and effectively operating IT controls. Key focus areas will include IT Governance risk assessments, IT general controls, continuous monitoring and related controls self-assessments.
• The  IT Risk Specialist will execute specialised IT risk assessments in line with best practice frameworks COSO, COBIT, SANs 18 and DMBOK and apply a risk-based prioritisation approach in implementing IT Risk Management plans across all Hollard International operations. Risk support to HINT country operational business unit functions will comprise evaluating operating effectiveness assessments for IT governance, ITGC’s and IT security to enable the achievement of a satisfactory control IT control environment.

Operational / Technical:

• IT risk assessments in accordance with the approved HINT ERM framework.
• Arrange and attend risk assessment kick-off and close-out meetings.
• Develop a sound understanding of business processes, risks and controls including relevant regulatory and accounting issues.
• Assesses the design adequacy and effectiveness of the control environment and identify control gaps and opportunities for continuous improvement.
• Perform strategic digital reviews across information technology areas such as, data governance, disaster recovery and business continuity.
• Identify process, information and control gaps and seek additional information if necessary.
• Document detailed working papers.
• Document findings and discussion with client in terms of factual correctness – asks for support where necessary.
• Review own working papers for quality and completeness before sending to the Head of Risk and Compliance for review.
• Ensure all review queries are cleared within a reasonable timeframe (expectation 48 hours).
• Focus on problem solving/high risk areas during the audit.
• Communicate any delays or difficulties experienced for corrective action.
• Track risk assessment process status for allocated areas of responsibility and effectively communicate any anticipated challenges, delays, etc.
• Communicates knowledge gained throughout the audit engagement and/or otherwise with the team members.
• Conduct the review of review of controls self-assessments performed by operational teams.
• Present training on ITGC to HINT operational business unit teams.
• Assisting HINT subsidiaries and Risk officers with IT Governance risk assessments including Data Governance.
• Developing Information Technology General Controls (ITGC’s) control self-assessments for the HINT subsidiaries.
• Supporting HINT subsidiaries with the enablement of Continuous Controls Monitoring (CCM) through validation and clearing of exceptions and data quality validations.
• Periodic testing of for segregation of duties, user access management, and change management.
• Stakeholder Engagement:
• Effectively build and maintain rapport and maintain business relationships with process owners and stakeholders.
• Professional and effective communication.

Reporting:

• Ensure that information generated is accurate, valid and comprehensive prior to review and/or reporting
• Draft and discuss own findings for inclusion in risk reports.
• Take responsibility to clear and finalise all own reported findings/reporting points.
• Assisting HINT subsidiaries with all Risk Management system related queries and reporting.
• Maintaining IT Risk reporting dashboards provision of periodic reports.

Financial:

• Manage time in line with the allocated budget and communicate any potential delays or overruns to management.

Required Knowledge and Experience    

• At least 4 years IT audit experience (not limited to IT general control reviews).
• Demonstrate an understanding of risk management, auditing standards and procedures
• Experience in managing stakeholders and completing the full audit lifecycle (planning, fieldwork and reporting).

Knowledge

• Risk based audit methodology.
• Knowledge of COBIT, ITIL, COSO and related frameworks.
• Computer infrastructure, networks, basic security and IT controls
• Advanced understanding business continuity and disaster recovery.
• Intermediate understanding of IT, data and privacy related legislation/regulation.
• Basic business and financial understanding.
• Basic insurance knowledge (an advantage).

Skills

• Effective written and verbal communication skills (business acumen).
• Ability to effectively influence across all relevant levels within the business unit, including senior and middle business management.
• High attention to detail.
• Excellent time management.
• Good report writing and presentation skills.
• Ability to identify strategic issues through critical reasoning.
• Ability to effectively plan and set priorities for self and engagement team.
• Ability to take a holistic view of the organisation in evaluating risks.
• Good conflict management skills.
• Excellent analytical and problem-solving skills
• Customer focused with strong interpersonal skills

Educational Requirements    

• Bachelor Degree in Information Technology, Internal Auditing, or related field
• Professional qualification relevant to IT auditing
• One or more of the following certifications:
• Certified Information Systems Auditor (CISA).
• Certified Internal Auditor (CIA) / Professional Internal Auditor (PIA).

Technical Competencies:

• Microsoft Office (advanced).
• General IT Controls (advanced).
• IT governance (advanced).
• IT Architecture (basic).
• IT security (intermediate).
• Computer networks (basic).
• Infrastructure and architecture (basic).
• Database structures (basic).
• Programming/scripting (basic).
• Risk management (intermediate).

Deadline:30th January,2025