IT Risk Manager

**Introduction**

Through our client-facing brands Metropolitan and Momentum, with Multiply (wellness and rewards programme), and our other specialist brands, including Guardrisk and Eris Property Group, the group enables business and people from all walks of life to achieve their financial goals and life aspirations.

**Role Purpose**

Momentum Insure (MI) is looking for a highly motivated individual who is able to work at Information Technology (IT) management and MI leadership levels to ensure that IT risk within MI is well managed within the risk appetite of the business.

The role will be positioned within the risk management function of Momentum Insure. The function’s purpose is to ensure that industry best practice risk management frameworks, controls and risk treatment plans are in place and executed and that the required monitoring of and reporting on IT risk exposure to the Chief Risk Officer (CRO) and the Chief Information Officer (CIO) occurs.

The role is required to provide overall leadership, vision and direction to the IT risk management function by supporting the achievement of the business’ strategic objectives. The incumbent will be considered as the thought leader of IT risk and is expected to ensure that IT risks are appropriately assessed, measured, prioritized and reported to the relevant stakeholders.

**Requirements**:
**Experience and Qualifications**
- A relevant degree in Computer Science, Information Technology, Risk Management or equivalent at NQF level 8.
- At least 4 years in an IT or information security risk management role

**Reporting line**

This role will ultimately report to the Chief Risk Officer, with a dotted reporting line to the Chief Information Officer. The role will not have any direct reports but will be required to work closely with other members of the risk management function, as well as members of management.

**Duties & Responsibilities**
- Take overall accountability of the IT risk management function in Momentum Insure, ensuring that the objectives of IT risk management meets the business’ strategic objectives
- Develop, establish, and implement policies and frameworks for IT risk management, including the consideration of the necessary risk appetite statements and key risk indicators
- Perform and monitor IT risk assessments, which comprise identifying, assessing, measuring, prioritizing and reporting risks that may impact the business
- Work closely with business and IT risk owners to co-create plans and solutions and ensure proactive risk management is embedded in the business / risk owners’ processes
- Develop remedial plans with IT risk owners to manage IT risks to desired levels on an ongoing basis
- Provide assurance on material IT risk exposures to the Momentum Insure CRO and Executive Committee
- Driving the embedment of the applicable information technology regulatory and compliance standards
- Challenging the IT risk profile through risk assessments and control adequacy reviews
- Reporting on IT risk exposures, the IT risk profile and associated mitigating plans to the relevant governance structures at a Momentum Insure and Momentum Metropolitan Holdings (MMH / Group) level
- Submission of the necessary quarterly IT risk assessments to Group IT
- Attending the Momentum Insure Risk Forum, the MMH IT Risk committee and any other quarterly governance meetings deemed appropriate
- Liaising with internal and external audit, thus managing all IT-related audits, including the tracking of IT-related audit findings
- Ensure that regular (at least quarterly) Logical User Access Management assessment is completed
- Ensure quarterly SANS Top 20 is submitted to MMH IT Security
- Support the Business Continuity Champion during the annual disaster recovery testing process, where deemed appropriate

**Competencies**

**Skills and behavioural competencies**
- Written and verbal communication skills
- Presentation skills
- Influential and assertive, displaying self-confidence
- Negotiation skills
- Relationship management
- Analytical skills and attentive to detail
- Planning and organising skills
- Upholding standards

**Knowledge**
- Requires an in-depth knowledge of information technology issues, techniques and implications across a wide variety of existing information technology platforms
- In-depth understanding of risk management practices
- Knowledge of the relevant regulatory, legislative, governance, risk and compliance landscapes would be beneficial to the role
- Understanding of Enterprise Risk Management (ERM) and Own Risk and Solvency Assessment (ORSA) practices and philosophies would also be beneficial to the role