IT Risk Officer
Location: Recruitment Agency / Vacancy in SA. Cape Town
A leading financial services company in Cape Town is looking for an IT Risk Officer.
• Drive the adoption and implementation of IT best practice control frameworks and standards, such as COBIT and ISO2700, to a level of maturity required by the business.
• Drive the implementation and embedding of the Group’s risk management framework for IT functions within the Group, which includes:
• Facilitate the performance and maintenance of IT risk and control assessments in line with Group risk methodologies and tools.
• Perform independent second line of defence oversight over IT risks and challenge risk owners in relation to the adequate and effective management of IT risks.
• Perform oversight over the identification, reporting and escalation of IT related risk events, including root cause analysis and remediation.
• Provide meaningful input and monitor the effective and timely implementation of management actions to address any control weaknesses identified through risk and control assessments and risk events.
• Prepare risk reports and perform second line of defence escalation of risks in line with Group policy requirements.
• Perform maturity assessments based on the COBIT framework.
• Assist management with the formulation and maintenance of IT risk policies, and provide meaningful input into Group policies and standards, and also ensure policy application is fit for purpose. Also, facilitate the effective implementation and embedding of IT risk policies and independently monitor compliance with such policies, including overseeing and challenging the outputs of half yearly policy compliance assessments performed by the business.
• Challenge risk management information received from the business and provide meaningful input to management on where IT risk management processes and controls can be improved.
• Assist IT management with liaison with Group Internal Audit to ensure audits are appropriately co-ordinated and audit coverage is relevant and provides the necessary assurance regarding the effective operation of the IT control environment across the Group. Includes ensuring that appropriate management actions are taken to adequately address any findings raised, as well as to monitor the effective and timely implementation of agreed remedial actions, and to report on the resolution status of findings.
• Perform oversight over the logical access review process to ensure these reviews are completed and effectively performed in line with set timelines.
• Ensure that programmes to maintain awareness of information security and information technology policies (includes code of conduct) are established and actioned.
• Maintain, categorize and regularly conduct risk assessments on third parties and external service providers.
• Participate on IT specific projects and business projects (where IT is a key part of the design) to provide meaningful input on the effective management of risk exposures.
• Liaise with peers on IT risk management, policies and execution strategies, and provide constructive input in this regard, as well as ensure appropriate adoption.
• Support the Head of Enterprise Risk with the execution of the ERM framework and associated risk management initiatives undertaken across the business, including the performance of independent risk oversight and challenge on the effective management of business risks.
Basic Job Requirements:
• Illustrated competent understanding of the industry IT control frameworks and standards, including COBIT, ISO27001 & 2.
• 5-10 years of IT risk or IT security-related experience. Certified in at least one of the following: CISSP/CISA/CISM/CRISC/GIAC.
• Experience in IT for large financial services organisations.
• Experience in the development of IT related dashboards and metrics.
• Reporting competency – the ability to translate technical issues into business risks.
• Thorough understanding of King III.
• Experience in Enterprise Risk Management would be beneficial.
Should you meet the requirements for this position, please email your CV to Megan on email@example.com or fax to 086 572 8877. You can also contact Megan on 031 350 4405.
Correspondence will only be conducted with short listed candidates. Should you not hear from us within 3 days, please consider your application unsuccessful.
Hire Resolve offers R1000 for any candidate that is referred and placed through Hire Resolve. Hire Resolve also offers a R1000 job spec fee for any referral that results in a placement through Hire Resolve. If your company is looking for any IT, Finance or Engineering staff, please email us at firstname.lastname@example.org with the company name, a contact person and contact email or number of the person doing the hiring. We will keep the referral strictly confidential.
or email us: it.jobs(at)hireresolve.co.za