KEY RESPONSIBILITIES
The primary responsibility of the IT Risk Manager:
Define and implement the Framework for the Management of IT Risk in alignment with the System of Governance for IT across the Santam Group.
Assist in designing and implementing policies, standards, and procedures to protect sensitive data and ensure operational continuity.
Identify, monitor and respond to incidents, and advise management on mitigation strategies.
Prepare the Santam Group IT Governance, Risk and Information Security Report for the Santam Risk Committee and Board.
Prepare the IT-related risks, including the top 10, for the SGT Audit and Risk Forum.
Ensure that outstanding IT Audit findings (internal and external audit findings) within STS are constantly followed up on and driven to resolution.
Conduct regular training and awareness sessions (in person, virtual or training material) regarding IT risk management and the roles the various parties play in the management of IT Risk.
QUALIFICATIONS AND EXPERIENCE
Relevant Bachelor's Degree, e.g. B.Com (Information Systems) in the related field, or
Equivalent work experience in the field
3 to 5 years' IT Audit / IT Risk Management work experience
CISA / CRISC / CGEIT or similar certification will be advantageous
COMPETENCIES
Influence and Communication
Collaboration and Teamwork
Adaptability and Continuous Learning
Learning Agility
Cultural Influence and Education
Regulatory and Compliance Knowledge
Conflict Resolution and Negotiation
ADDITIONAL COMPETENCIES AND SKILLS
Technical Proficiency:
Risk Assessment: Proficiency in conducting thorough IT risk assessments, identifying weaknesses, and evaluating potential risks.
Technical Compliance: Strong understanding of industry standards, regulations, and best practices such as COBIT, ISO 27000 series, applicable Joint Standards, ITIL and King IV
Report Writing: Excellent report writing skills
Presentations: Proficiency in building PowerPoint decks to assist in conveying key messages
Risk Expertise:
Risk Management: Skill in assessing and prioritising risks, as well as developing and implementing risk mitigation strategies.
Communication and Collaboration:
Stakeholder Engagement: Strong communication skills to engage with executives, technical teams, and non-technical stakeholders about risk matters.
Cross-Functional Collaboration: Ability to collaborate with IT, legal, compliance, and business teams to integrate security practices across the organisation.
Problem Solving and Decision Making:
Analytical Thinking: Proficiency in analysing complex issues, assessing potential impacts, and making informed decisions.
Critical Thinking: Capability to evaluate incidents and risks to devise effective solutions.