ERM Officer
**Role purpose**
The ERM Officer (IT) is responsible for managing and overseeing the risk management program for the organisation's information technology systems and processes in line with the Curo Risk Management Framework. The ERM Officer (IT) role involves conducting risk assessments, implementing and monitoring controls, and ensuring that appropriate risk mitigation strategies are in place. The ERM Officer (IT) will also be responsible for the oversight of business continuity management and cyber risk management initiatives, to ensure the organisation is prepared for potential risks and disruptions.
**Key Responsibilities include**:
- Conduct regular risk assessments to identify and evaluate potential threats to the organisation's information technology systems and processes.
- Develop and implement risk mitigation strategies to minimize the impact of potential risks on the organisation.
- Monitor the effectiveness of existing risk management controls and recommend improvements where necessary.
- Lead the development and maintenance of the organisation's Business Continuity Management (BCM) programme, ensuring that all necessary procedures and protocols are in place to respond to potential disruptions.
- Oversee the management of cyber risks, including the development and implementation of security policies, standards, and best practices.
- Ensure compliance with relevant laws and regulations related to IT risk management, cyber risk management, and BCM.
- Conduct regular training and awareness sessions for employees on IT risk management, cyber security, and BCM.
- Collaborate with stakeholders across the organisation to ensure that risk management processes are integrated into all aspects of the business.
- Facilitate internal and external audits.
- Keep up-to-date with the latest developments in IT risk management and cyber security and make recommendations for improvements to the organisation's risk management program.
**Skills and experience**:
- Bachelor's degree in Information Technology, Computer Science, or a related field.
- A minimum of 3 years' experience in IT risk management, cyber risk management, and business continuity management.
- Strong understanding of relevant laws and regulations related to IT risk management, cyber security, and business continuity, preferably in the context of the financial services sector.
- Ability to conduct risk assessments, develop and implement risk mitigation strategies, and monitor the effectiveness of risk management controls.
- Excellent communication and interpersonal skills, with the ability to work effectively with stakeholders at all levels of the organisation.
- Strong project management skills and the ability to lead cross-functional teams.
- Ability to work under pressure, meet tight deadlines, and handle multiple tasks simultaneously.
This job description is intended to provide a general overview of the position and is not exhaustive of all responsibilities. This role may be required to perform other duties as assigned.