Key Performance Areas
Risk Management
Conduct comprehensive risk assessments to identify and analyse potential risks associated with IT systems, processes, and projects.
Develop and implement risk mitigation strategies and controls to minimize the likelihood and impact of identified risks.
Manage exposures, insurance, legal/regulatory requirements, cost justifications, vendor agreements, and business continuity.
Business Continuity and Disaster Recovery
Contribute to business impact analysis and align IT continuity plans accordingly.
Develop and implement standard risk assessment, business impact analysis, and BCM tools and capabilities.
Facilitate insurance and vendor agreements for disaster events.
Incident Response and Crisis Management
Maintain incident response plans and procedures to effectively respond to and recover from IT incidents and disruptions.
Participate in crisis management exercises.
Third Party Risk Management
Evaluate and manage risks associated with third-party vendors, suppliers, and service providers.
Assess third-party security controls, contractual obligations, and service level agreements to mitigate risks and ensure compliance with IT policies.
Cloud Services Risk Assessment and Mitigation
Conduct risk assessments for cloud services, develop mitigation strategies, and manage relationships with cloud service providers.
Evaluate and manage relationships with cloud service providers, ensuring that contractual agreements, service level agreements (SLAs), and security commitments meet the organization's requirements.
Oversee change management processes for cloud environments.
ICT Compliance
Collaborate with IT teams and business units to ensure that information technology systems and services meet risk management and compliance objectives.
Conduct regular audits and assessments of information technology systems and services to ensure that they are secure and meet compliance requirements.
Ensure a compliance framework is maintained in accordance with required standards.
Policy Review and Implementation
Contribute to the development and implementation of departmental policies, standards, procedures, and processes.
Stay updated with effective policy execution strategies.
Reporting
Define key performance indicators (KPIs) and metrics to measure the effectiveness of IT Risk processes and controls.
Prepare status reports on IT BCM matters, measure BCM program maturity, and publish DR program reports.
Monitor risk indicators, track risk treatment actions, and generate regular reports and dashboards to communicate risk status to senior management and stakeholders.
Stakeholder Management
Foster proactive relationships with key stakeholders and address inquiries and requests for information.
Maintain relationships with Enterprise Risk function, Auditors, service providers, and procurement teams.
Qualifications and Experience
Bachelor's Degree/Advanced Diploma in Information Technology/Risk Management related qualification.
ITIL will be an added qualification.
5-7 years' relevant experience in a Risk Management or an Information Technology related environment.