Specialist: IT Risk Management at Road Accident Fund

Key Performance Areas

Risk Management

• Contribute to the development an IT Risk management framework for key ICT areas:
• Risks associated with products and services.
• Sensitive or confidential information
• Information security
• IT operations
• IT projects
• System recovery and business resumption
• IT outsourcing
• IT Talent
• Conduct comprehensive risk assessments to identify and analyse potential risks associated with IT systems, processes, and projects.
• Develop and implement risk mitigation strategies and controls to minimize the likelihood and impact of identified risks.
• Manage exposures, insurance, legal/ regulatory requirements, cost justifications, vendor agreements, and business continuity.

Business Continuity and Disaster Recovery

• Contribute to business impact analysis and align IT continuity plans accordingly.
• Develop and implement standard risk assessment, business impact analysis, and BCM tools and capabilities.
• Facilitate insurance and vendor agreements for disaster events.

Incident Response and Crisis Management

• Maintain incident response plans and procedures to effectively respond to and recover from IT incidents and disruptions.
• Participate in crisis management exercises.

Third Party Risk Management

• Evaluate and manage risks associated with third-party vendors, suppliers, and service providers.
• Assess third party security controls, contractual obligations, and service level agreements to mitigate risks and ensure compliance with IT policies.

Cloud Services Risk Assessment and Mitigation

• Conduct risk assessments for cloud services, develop mitigation strategies, and manage relationships with cloud service providers.
• Evaluate and manage relationships with cloud service providers, ensuring that contractual agreements, service level agreements (SLAs), and security commitments meet the organization's requirements.
• Oversee change management processes for cloud environments.

ICT Compliance

• Collaborate with IT teams and business units to ensure that information technology systems and services meet risk management and compliance objectives.
• Conduct regular audits and assessments of information technology systems and services to ensure that they are secure and meet compliance requirements.
• Ensure a compliance framework is maintained in accordance with required standards.

Policy Review and Implementation

• Contribute to the development and implementation of departmental policies, standards, procedures, and processes.
• Stay updated with effective policy execution strategies.

Reporting

• Define key performance indicators (KPIs) and metrics to measure the effectiveness of IT Risk processes and controls.
• Prepare status reports on IT BCM matters, measure BCM program maturity, and publish DR program reports.
• Monitoring risk indicators, tracking risk treatment actions, and generating regular reports and dashboards to communicate risk status to senior management and stakeholders.

Stakeholder Management

• Foster proactive relationships with key stakeholders and address inquiries and requests for information.
• Maintain relationships with Enterprise Risk function, Auditors, service providers, and procurement teams.

Qualifications and Experience

• Bachelor’s Degree/ Advanced Diploma in Information Technology/ Risk Management related qualification
• ITIL will be an added qualification.
• Relevant 5 - 7 years’ experience in a Risk Management or an Information Technology related environment.