IT Risk Specialist at Discovery Limited

Key Purpose of the role

This position will report to the Risk Manager. The successful candidate will be required to facilitate and assist in the implementation of an end-to-end risk management programme for the business unit in respect of Information Technology, Security and Privacy risk disciplines.

Areas of responsibility may include but not limited to

• Facilitate and assist in the roll-out of the IT risk management framework and maturity of IT risk management practices within the business unit
• Capture required risk information onto the GRC system
• Develop appropriate dashboards and reports for various levels of risk reporting
• Monitoring and investigations of DLP events
• Enhance the DLP Dashboards by obtaining specific business process related information from business
• Establish and maintain an up-to-date IT risk register and IT risk profile
• Manage risk reporting in line with reporting cycles.
• Identify practical solutions to address control weaknesses and process deficiencies.
• Assess the validity of mitigation action plans provided by business and ensure completion thereof within the agreed time period.
• Implement and monitor IT risk appetites and key risk indicators
• Maintain the control and process library on BarnOwl for the business unit based on outcomes of audits, reviews and assessments
• Provide support, education and training on risk management principles to build awareness of IT risk
• Assist the Risk Manager on any risk activity requested on an ad hoc basis

Manage the process of identifying and assessing risks that may pose a threat to the achievement of business objectives. This could include the following:

• Facilitate risk workshops for principal and strategic risks
• Risk event identification, reporting, analyses and investigation
• Risk and control assessments
• Reporting of IT Risk to various audiences, such as Manco’s and Exco’s within the business unit for them to understand their accountability for the risks
• For business unit specific projects, follow the Group Project Risk Framework to manage and report on project related risks 

Personal Attributes and skills

• Takes initiative and works under own direction with the ability to make quick, clear choices which may include tough choices or considered risks
• Upholds ethics and values and demonstrates integrity
• Shows respect for the views and contributions of others
• Demonstrates a willingness to share information
• Strong negotiating and influencing skills
• Excellent communication skills.  The candidate should speak fluently and be able to write in a well-structured and logical manner
• Demonstrates an understanding of different organisational departments and functions
• Ability to analyse and assess various data and break them into component parts, patterns and relationships
• Sets high standards for quality and quantity and can work in a systematic, methodical and orderly manner
• Adapts to changing circumstances
• Handles criticism constrictively and learns from it 

Qualifications and Experience

• Minimum IT degree level education (BCom or BSc in information systems or computer science) with either CISA or CRISC
• Minimum 3 years of experience in an IT enterprise risk environment
• Must have advanced experience and knowledge of NIST CSF, Cobit and ITIL frameworks as well as IT infrastructure, systems processes and IT governance
• Advanced knowledge of Excel, Word, PowerPoint, Power BI and Teams
• Must be affluent in report writing with attention to detail