IT Risk Specialist at FNB South Africa

Job Description

• To provide specialist advice, guidance and support to the business and technology community to ensure appropriate development and implementation of an IT risk management programme in accordance with governance and IT risk requirements.
• To oversee the implementation and monitoring of a risk management framework including policies, standards and security. architecture to ensure sound IT management practices
• Maintain expert knowledge on relevant legislative amendments, industry best practices and provide advice to relevant stakeholders.
• Maintain up to date knowledge of local and global trends.
• Provide thought leadership and expertise.
• Identify sources of the risk, areas of impact, events and their causes and potential consequences that might create, enhance, prevent, degrade, accelerate, or delay the achievement of IT objectives.
• Determine the level of risk, which is defined as the combination of the consequences and likelihood of the inherent risk.
• Conduct impact analysis to ensure resources are adequately protected with proper control measures within acceptable levels of residual risk.
• Assist IT with creating action plans to mitigate potential risks within the IT environment and comply with governance in terms of legislative, audit and business policy requirements.
• Follow up on deficiencies identified in monitoring reviews, self-assessments, automated assessments, and internal and external audits to ensure that appropriate remediation measures have been taken.
• Contribute to IT Risk reports, and review and assess quality and accuracy of IT reports.
• Monitor and analyse IT Risk performance and generate reports Identify areas needing improvement and develop recommendations Partner with business and IT about monitoring and reviewing risk performance.
• Monitor and analyse IT Risk performance and generate reports.
• Identify areas needing improvement and develop recommendations.
• Partner with business and IT with regard to monitoring and reviewing risk performance.
• Provide advice and support to business about tools and methodologies to mitigate IT risks and issues, and to improve identified control weaknesses.
• Consult with business and technical staff on potential operational impacts of proposed changes to the IT environment.
• Inform stakeholders about IT risk issues and activities affecting the assigned area or project Report to management concerning residual risk.
• Attend relevant BU committees e.g., Monthly BU IT Risk Committee, BU IT Exco, Project Steering committees, New Product Approval, CAB etc.
• Monitor the BU's development of DR/BCM test plans, testing, and documentation for each application Review selected change requests to ensure they are appropriately incorporated into the larger business plan.
• Assist in the identification of root causes (including identification of control failures) of IT-related incident recommend appropriate mitigation of root cause.
• Maintain an up-to-date understanding of industry best practices. Test adequacy of existing controls and recommend actions for improvement.
• Monitor the Business Unit's compliance with Group security policies and standards with guidance from their respective ISO and IT Risk Manager Oversee hygiene reporting and action plans to remediate noncompliance Assess and monitor the risk posture against tolerance., as it relates to information and cyber security.
• Provide risk posture on area / system being audited, including known issues and action plans. Assist Business/IT with creating action plans to mitigate the risks from the audit findings.
• Assess the adequacy of action plans defined by business. Determine revised dates for overdue where necessary and ensure formal revision process is followed.
• Undertake periodic reviews of the contracts/arrangements to ensure these comply with the Group Sourcing and Vendor Management policy.
• "Provide IT Risk briefings to advise on critical issues that may affect the business. Conduct knowledge transfer training sessions to both internal and external stakeholders regarding risk programmes."
• Monitor accuracy of the IT Asset Register and CMDB (Configuration Management Database).
• Monitor the IT process for updating IT Asset Register and CMDB.
• Provide recommendations for the IT Continuity and Risk Frameworks/Guidelines based on findings from analyses of usage and practices in IT.
• Provide advice and support to the BU to ensure that IT Risk is fully functional and in accordance with frameworks and Risk requirements.
• Manage the conceptualisation, planning, and delivery of IT Risk Management projects as assigned.
• Collaborate with IT Operational/Risk teams to ensure delivery of projects.
• Provide status updates to relevant stakeholders.
• Serve in an advisory role in application development and infrastructure projects to assess risks.
• Recommend and ensure implementation of required changes to IT risk and security policies and procedures· Benchmark current IT practices against leading practices and existing frameworks.
• Annually review and report any gaps in IT policies, procedures, standards both current and new Recommend required changes to IT policies, procedures, standards.