  • Posted: Nov 8, 2023
    Deadline: Not specified

    Imagine a world where people live healthier, more enhanced and protected lives… A world in which each organisation is a powerful influencer and responsible corporate citizen, committed to being a force for social good. As a leading innovator in healthcare, wellness, insurance, investments, financial and life planning, Discovery works ceaselessly to...

    IT Risk Specialist (Senior)

    Areas of responsibility may include, but are not limited to:

    • The successful candidate will be required to deliver key outputs in respect of the IT and Project risk portfolio, including but not limited to the following:

    Risk Identification and Assessment

    • Identify potential IT-related risks (emerging and current) and vulnerabilities within the organisation's technology infrastructure, applications, and processes.
    • Conduct detailed risk assessments and gap analyses to evaluate the impact and likelihood of identified risks.
    • Collaborate with IT teams and business units to understand and document risk factors and controls.

    Risk Management and Mitigation

    • Develop and implement risk management strategies, frameworks, and procedures to address identified risks effectively.
    • Work with relevant teams to identify IT controls or processes that require enhancement, thereby ensuring they align with the organisation's risk appetite and industry standards.
    • Provide guidance on and challenge the business's risk mitigation strategies and control implementations to minimise exposure to IT risks.
    • Assist the business in designing and implementing KRIs aligned to the organisation’s risk appetite that would facilitate the escalation of material IT-related risks.

    Compliance and Regulatory Oversight

    • Stay updated with industry regulations, standards, and best practices related to IT risk management and data protection.
    • Ensure the organization's IT practices and controls comply with relevant laws, regulations, and contractual obligations.
    • Collaborate with compliance and legal teams to address any IT risk-related compliance issues.

    Incident Response and Recovery

    • Review the effectiveness of the testing performed on incident response and recovery plans for IT-related security breaches or disruptions.
    • Conduct post-incident reviews to identify lessons learned and areas for improvement.

    Training and Awareness

    • Organise and deliver training sessions for employees, educating them about IT risks, based on security best practices, and their role in risk management.
    • Raise awareness within the organisation about the importance of IT risk management and maintaining a security-conscious culture.

    Reporting and Communication

    • Prepare and present comprehensive reports on IT risk assessments, trends, and mitigation efforts as well as aggregated reporting on key information to senior management and relevant stakeholders.
    • Communicate complex IT risk concepts to non-technical audiences effectively.

    3rd Party Risk Management

    • Evaluate and assess IT risks associated with third-party vendors and service providers.
    • Collaborate with procurement and legal teams to ensure vendors comply with IT security and risk management requirements.

    Education and Experience

    • Bachelor’s degree in Information Technology, Computer Science, or a related field.
    • A master's degree or relevant certifications (e.g., CISA, CISSP, CRISC) may be preferred. 
    • Proven experience (typically 5+ years) in IT risk management, information security, or a related field, with at least some years in a senior or leadership capacity.
    • In-depth knowledge of IT risk management frameworks, methodologies, and best practices.
    • Familiarity with relevant regulations and standards (e.g., ISO 27001, NIST, GDPR/POPIA) and their application in IT risk management.
    • Strong analytical skills and the ability to assess complex IT systems and processes for potential risks.
    • Excellent communication and presentation skills to interact with stakeholders at various levels of the organisation.
    • Demonstrated ability to work independently, lead cross-functional teams, and handle multiple priorities simultaneously.
    • A proactive approach to risk identification and a continuous improvement mindset.
    • Advanced knowledge of Excel, Word, PowerPoint, Power BI, and Teams

    Method of Application

    Interested and qualified? Go to Discovery Limited on careers.discovery.co.za to apply
