Primary Purpose
To assist with the facilitation and monitoring of effective IT Risk Management throughout the Bank – which includes the identification, measurement, control and minimization of loss associated with IT related risks within the environment.
TECHNICAL REQUIREMENTS
Strong analytical, problem-solving, and communication skills are vital for collaborating with stakeholders and ensuring ongoing risk monitoring.
An IT Risk Analyst must possess strong technical skills in cybersecurity, network, system, and application security, along with a solid understanding of risk management frameworks (e.g., NIST, ISO 27001), and regulatory compliance (e.g., PCI-DSS, POPIA, and GDPR).
Proficiency with risk management tools, SIEM systems, and vulnerability scanners is essential, along with the ability to conduct thorough risk assessments, develop mitigation strategies, and respond to incidents.
Minimum Requirements
Qualifications
B Com Degree (majoring in Risk management/ Auditing and/or Accounting)
CRISC certification
ISO 27001 Foundation
Ideal
B. Com Degree
Certified ISO 27001 Lead Implementer
Minimum Experience
2 to 4 years' IT Risk/IT Internal Audit experience within the banking industry OR
2 to 4 years' experience within the banking industry (with a general understanding and awareness of the functioning of key functions within the banking industry).
Basic understanding of relevant risk/information security methodologies such as ISO, NIST and PCI-DSS.
Knowledge of regulatory requirements.
Excellent written and verbal communication skills.
Computer literate, with intermediate-level Word and Excel processing skills.
Self-starter/take initiative/ "think differently".
Continuous improvement of day-to-day tasks and deliverables.
Innovative with attention to detail.
Self-motivated and performance driven with positive and constructive interaction with direct and indirect team members within the Bank.
Duties and Responsibilities include but not limited to:
FINANCIAL MANAGEMENT
Reduce operating costs through process efficiency and innovation.
STAKEHOLDER RELATIONSHIP MANAGEMENT
This involves working closely with various departments such as IT, Compliance, Legal, and Internal Audit to identify, assess, and mitigate IT risks, ensuring alignment between risk management strategies and business objectives.
Effective collaboration across these functions is crucial for a holistic approach to managing IT risks and for ensuring that all relevant stakeholders are engaged and informed throughout the risk management process.
CUSTOMER CENTRICITY
Establish and maintain positive relationships with members of all Departments/Business units within the Bank.
Establish and maintain a positive presence of the IT Risk function in all Departments/Business Units by fostering constructive professional relationships with all team members.
Build and maintain solid and good relationships with Bank Business Units, External Regulators and Auditors.
OPERATIONAL EXCELLENCE
Identify risks which might occur within the environment through continuous interaction with the relevant teams and follow-up with regards to IT Risk assessments performed.
Stay knowledgeable of current advances in all areas of Information Technology concerning vulnerabilities, security breaches or malicious attacks.
Identify vulnerabilities or weaknesses in systems.
Evaluate IT policies, processes and procedures for completeness and recommend any amendments and or improvements where required.
Ensure that controls are adequate to protect sensitive information systems within the environment.
Clearly document and define risks and potential impacts along with the statistical probability of such an event and identify systems affected by the defined risk/s.
Independently conduct ongoing IT Risk reviews at Departmental and/or Business level as per the IT Risk Framework and Policy in line with the pre-determined IT Coverage Plan.
Facilitate IT Risk assessments conducted by members of management of assigned Departments/Business Units within the Bank.
Recommend to management and facilitate the implementation of practical and mitigating strategies based on the results of IT Risk reviews and assessments.
Maintain the risk register for IT in Cherwell from an IT Risk perspective.
REPORTING
IT Risk Report.
Key Risk Indicator (KRI) Reporting.
IT Risk and Cyber Security Committee minutes, which includes the preparation and the distribution of the Committee agenda and action item list.
Operational Risk Committee Dashboard for IT.
This position is advertised in line with our commitment to Employment Equity.
#J-18808-Ljbffr
