Technology Risk

Surgo (PTY) Ltd. has partnered with a global analytics and digital solutions company serving industries including insurance, healthcare, banking and financial services, media, retail, and others. They aim to bridge the gap between digital expectations and real outcomes for international companies with Digital Intelligence.

Our client is recruiting for a Technology Risk & Compliance Analyst to join their team based in Cape Town.

**Job purpose and Description**:
To support the Technology Risk & Compliance Manager to ensure the companies security risks are appropriately managed through timely identification and assessment of risks.

The Technology Risk & Compliance Specialist will execute the security strategy and delivery of technology risk objectives to enhance the company’s security programme, through the timely identification and assessment of risks, driving risk mitigation and maintaining the technology risk register. As a specialist, you will be responsible for assessing the company’s internal compliance against industry regulations and established standards, as well as helping to drive the Security, Risk & Compliance programme.

**Responsibilities**:
Demonstrate commitment to the the companies core values through upholding our standards of business conduct, complying with Group policies & procedures, and leading by example

Establish a working environment which promotes the importance of employees acting with integrity and in an ethical manner in line with the Group Code of Conduct

Ensure the execution of key internal controls within Technology Risk & Compliance

Define, document and operationalise the processes and procedures to drive the consistency in the monitoring of compliance (e.g. compliance checking, tracking, monitoring and monitoring schedules, communications, and reporting) of managed service providers and Tier 1 vendors with the companies security requirements and Service Level Agreements (SLAs)

Define and document the Cyber/Technology risk management process leveraging the existing ERM framework, including the cyber/ technology risk assessment methodology (e.g. risk acceptance/assessment process, security risk profile, roles/responsibilities; reporting requirements, etc.)

Define a model of risk likelihood and impact, as well as risk rating criteria, categorisation, risk tolerance & acceptance levels and escalation processes

Monitor mitigating actions and proposed solutions to ensure risks are reduced to an acceptable business level

Validate security/technology & risk requirements with relevant stakeholders before the launch of a software, tool or platform

Provide governance to ensure adequate risk management of compliance and regulatory risks

Design and maintain the companies compliance framework containing internal security policies, global standards and regulatory requirements

Register risks and associated solutions in a formalised risk register and define KPIs, metrics and a risk appetite to enable standardised risk reporting amongst the companies teams

**Requirements**:
Industry certifications for example CRISC, CISA or CISSP

Knowledge or experience working with security standards and frameworks, such as the ISO31000 Risk Management Framework

Knowledge or training for the ISO27001 standard and NIST security frameworks

Knowledge of relevant frameworks, regulations, international legislation, and monitor emerging threats, forecasts, policies, and benchmarks

Ability to communicate with the companies stakeholders to determine the security risk impact for new projects and business changes to provide relevant security requirements

Establish the companies security/technology compliance requirements based on various business functions and regulated data requirements

**Skills**:
Ability to design and execute key internal controls in a Technical Risk & Compliance environment

Good understanding of technology risk management fundamentals, processes and frameworks

Ability to communicate with stakeholders of varying seniority to explain technology risks in simple business language, with a clear scope of impact, risk ownership and accountability

Strong analytical skills, with a proactive work approach for identifying and remediating risks for the business and a proven ability to drive results

**General knowledge of various Cybersecurity domains such as**: data protection, identity & access management, with an ability to identify risks across these areas

**Qualification & Experience**:
Essential to have industry certifications for example CRISC, CISA or CISSP

Essential to have knowledge or experience working with security standards and frameworks, such as the ISO31000 Risk Management Framework

Desirable to have knowledge or training for the ISO27001 and NIST security frameworks

As a Technology Risk and Compliance Analyst, you will be expected to demonstrate experience and knowledge across the following areas
- Security risk management, security compliance, and basic knowle