IT Risk Manager - CenturionFull job descriptionIntroductionThrough our client-facing brands Metropolitan and Momentum, with Multiply (wellness and rewards programme), and our other specialist brands, including Guardrisk and Eris Property Group, the group enables business and people from all walks of life to achieve their financial goals and life aspirations.We help people grow their savings, protect what matters to them and invest for the future. We help companies and organisations care for and reward their employees and members. Through our own network of advisers or via independent brokers and utilising new platforms, Momentum Metropolitan provides practical financial solutions for people, communities and businesses. Visit us at www.momentummetropolitan.co.za Role PurposeMomentum Insure (MI) is looking for a highly motivated individual who is able to work at Information Technology (IT) management and MI leadership levels to ensure that IT risk within MI is well managed within the risk appetite of the business.The role will be positioned within the risk management function of Momentum Insure. The function’s purpose is to ensure that industry best practice risk management frameworks, controls and risk treatment plans are in place and executed and that the required monitoring of and reporting on IT risk exposure to the Chief Risk Officer (CRO) and the Chief Information Officer (CIO) occurs.The role is required to provide overall leadership, vision and direction to the IT risk management function by supporting the achievement of the business’ strategic objectives. The incumbent will be considered as the thought leader of IT risk and is expected to ensure that IT risks are appropriately assessed, measured, prioritized and reported to the relevant stakeholders. RequirementsExperience and Qualifications A relevant degree in Computer Science, Information Technology, Risk Management or equivalent at NQF level 8.At least 4 years in an IT or information security risk management roleReporting lineThis role will ultimately report to the Chief Risk Officer, with a dotted reporting line to the Chief Information Officer. The role will not have any direct reports but will be required to work closely with other members of the risk management function, as well as members of management. Duties & ResponsibilitiesTake overall accountability of the IT risk management function in Momentum Insure, ensuring that the objectives of IT risk management meets the business’ strategic objectivesDevelop, establish, and implement policies and frameworks for IT risk management, including the consideration of the necessary risk appetite statements and key risk indicatorsPerform and monitor IT risk assessments, which comprise identifying, assessing, measuring, prioritizing and reporting risks that may impact the businessWork closely with business and IT risk owners to co-create plans and solutions and ensure proactive risk management is embedded in the business / risk owners’ processesDevelop remedial plans with IT risk owners to manage IT risks to desired levels on an ongoing basisProvide assurance on material IT risk exposures to the Momentum Insure CRO and Executive CommitteeDriving the embedment of the applicable information technology regulatory and compliance standardsChallenging the IT risk profile through risk assessments and control adequacy reviewsReporting on IT risk exposures, the IT risk profile and associated mitigating plans to the relevant governance structures at a Momentum Insure and Momentum Metropolitan Holdings (MMH / Group) levelSubmission of the necessary quarterly IT risk assessments to Group ITAttending the Momentum Insure Risk Forum, the MMH IT Risk committee and any other quarterly governance meetings deemed appropriateLiaising with internal and external audit, thus managing all IT-related audits, including the tracking of IT-related audit findingsEnsure that regular (at least quarterly) Logical User Access Management assessment is completedEnsure quarterly SANS Top 20 is submitted to MMH IT SecurityIT subject matter expert as part of the third-party risk assessment and onboarding process within Momentum InsureSupport the Business Continuity Champion during the annual disaster recovery testing process, where deemed appropriate CompetenciesSkills and behavioural competencies Written and verbal communication skillsPresentation skillsInfluential and assertive, displaying self-confidenceNegotiation skillsRelationship managementAnalytical skills and attentive to detailPlanning and organising skillsUpholding standardsKnowledge Requires an in-depth knowledge of information technology issues, techniques and implications across a wide variety of existing information technology platformsIn-depth understanding of risk management practicesKnowledge of the relevant regulatory, legislative, governance, risk and compliance landscapes would be beneficial to the roleUnderstanding of Enterprise Risk Management (ERM) and Own Risk and Solvency Assessment (ORSA) practices and philosophies would also be beneficial to the role
