Senior Specialist - IT Risk at Telesure Investment Holdings (TIH)

JOB PURPOSE

Assist the Information Assurance Manager to ensure Information Assurance, IT Governance, Internal Risk assessment and reporting, IT regulatory compliance, documentation, audit and assurance, improvements, asset management and Third-party risk management for TIH information systems are performed in accordance with Enterprise Risk Management principles, legislation, regulation and relevant and applicable industry standards.

RESPONSIBILITIES

Risk Management & Reporting

Perform end-to-end risk identification, assessment, monitoring, quantification, treatment and reporting processes in accordance with Enterprise Risk Management principles. Perform risk maturity assessments and reviews in GIT in accordance with the Risk framework. Execute and manage various risk, integrated risk assurance and risk compliance assignments. Produce Risk reports highlighting areas of concern, opportunities and anything requiring further investigation Continuously monitor and evaluate the overall risk profile across the GIT risk spectrum, including third party risk, to provide a combined assurance view Identify financial and business risks and escalate accordingly. Develop risk registers and dashboards to monitor risks. Support the development and implementation of risk appetite and tolerance levels and associated thresholds.

Stakeholder Engagement

Develop stakeholder engagement through identifying stakeholders, finding out their needs/issues/concerns and reacting to these to support the communication of business information and decisions. Assist Information Assurance Manager to respond to regulatory enquiry received, including request for information, fines imposed, and outstanding statutory returns and onsite visits.

Recommendations

Recommend changes to policies, processes, standards and practices that would improve operational support. Identify and facilitate Key Risk Indicators (KRI's). Support the development of Combined Assurance models, frameworks and plans. Clearly communicate risk and compliance matters Write and present relevant Risk and Compliance reports that are aligned with standards, guidelines and schedules.

Operational Compliance Reporting

Maintain and renew a deep knowledge and understanding of the organisation's policies and procedures and of relevant regulatory codes and codes of conduct, and ensure own work adheres to required standards. Promote a culture of governance, risk and compliance. Establish pro-active risk management approaches. Write and present relevant Risk and Compliance reports that are aligned with standards, guidelines and schedules.

Policies and Procedures Development

Contribute to the drafting of policies, procedures, and related guidelines within an area of expertise to meet defined key principles and ensure compliance with external requirements. Review and update monitoring plans to include new high risk exposure areas to enable compliance to provide assurance on the implementation of new policies and procedures regarding the new/amended legislation.

Information and Business Advice

Provide specialist advice on the interpretation and application of policies and procedures, resolving queries and issues and referring very complex or contentious issues to others. Render support in clarification/interpretation of new/amended legislation if required.

Improvement / Innovation

Identify shortcomings and suggest improvements to existing processes, systems and procedures, then delivers a plan for a small element of a change management program with guidance from a project/program manager.

Organisational Capability Building

Provide coaching to team members to develop their skills.

Personal Capability Building

Develop own capabilities by participating in assessment and development planning activities as well as formal and informal training and coaching; gain or maintain external professional accreditation where relevant to improve performance and fulfill personal potential. Maintain an in-depth understanding of technology, external regulation, and industry best practices through ongoing education, attending conferences, and reading specialist media.

Requirements

GENERAL EDUCATION

• University degree in IT Risk Management or related domain (Advantageous)
• Relevant industry certifications, such as CISM, CGEIT, CRISC, COBIT, CISA etc (Advantageous)

GENERAL EXPERIENCE

• 3 or more years' experience in IT Risk Management (Essential)
• Project/Portfolio Management experience (Advantageous)
• Third party/supplier risk management (Advantageous)
• Operational risk experience (Advantageous)
• Clear understanding of IT Security (Advantageous)