IT Risk Specialist

Job Description

Dear Future IT Risk Specialist,

RMB is a place where exceptional people create their own opportunities by challenging the conventional and driving sustainable impact.

United by our proud heritage, strong ethics and philosophy of Traditional values. Innovative ideas, it's the magic of our people and culture that sets us apart.

Now, is the time to imagine your next move with South Africa's number one employer in Financial Services for 2025, where you can embrace the power of collective thinking to unlock unique opportunities for our clients and society.

In this role, you will be required to provide specialist advice, guidance and support to the business and technology community to ensure appropriate development and implementation of an IT risk management programme in accordance with governance and IT risk requirements.

To oversee the implementation and monitoring of a risk management framework including policies, standards and security and architecture to ensure sound IT management practices.

Are You Someone Who Can:

• Maintain expert knowledge on relevant legislative amendments, industry best practices and provide advice to relevant stakeholders.
• Maintain up to date knowledge of local and global trends.
• Provide thought leadership and expertise.
• Identify sources of the risk, areas of impact, events and their causes and potential consequences that might create, enhance, prevent, degrade, accelerate, or delay the achievement of IT objectives.
• Determine the level of risk, which is defined as the combination of the consequences and likelihood of the inherent risk.
• Conduct impact analysis to ensure resources are adequately protected with proper control measures within acceptable levels of residual risk.
• Assist IT with creating action plans to mitigate potential risks within the IT environment and comply with governance in terms of legislative, audit and business policy requirements.
• Follow up on deficiencies identified in monitoring reviews, self-assessments, automated assessments, and internal and external audits to ensure that appropriate remediation measures have been taken.
• Contribute to IT Risk reports, and review and assess quality and accuracy of IT reports.
• Monitor and analyse IT Risk performance and generate reports Identify areas needing improvement and develop recommendations Partner with business and IT about monitoring and reviewing risk performance.
• Monitor and analyse IT Risk performance and generate reports.
• Identify areas needing improvement and develop recommendations.
• Partner with business and IT with regard to monitoring and reviewing risk performance.
• Provide advice and support to business about tools and methodologies to mitigate IT risks and issues, and to improve identified control weaknesses.
• Consult with business and technical staff on potential operational impacts of proposed changes to the IT environment.
• Inform stakeholders about IT risk issues and activities affecting the assigned area or project Report to management concerning residual risk.
• Attend relevant BU committees e.g., Monthly BU IT Risk Committee, BU IT Exco, Project Steering committees, New Product Approval, CAB etc.
• Monitor the BU's development of DR/BCM test plans, testing, and documentation for each application Review selected change requests to ensure they are appropriately incorporated into the larger business plan.
• Assist in the identification of root causes (including identification of control failures) of IT-related incident recommend appropriate mitigation of root cause.
• Maintain an up-to-date understanding of industry best practices. Test adequacy of existing controls and recommend actions for improvement.
• Monitor the Business Unit's compliance with Group security policies and standards with guidance from their respective ISO and IT Risk Manager Oversee hygiene reporting and action plans to remediate noncompliance Assess and monitor the risk posture against tolerance., as it relates to information and cyber security.
• Provide risk posture on area / system being audited, including known issues and action plans. Assist Business/IT with creating action plans to mitigate the risks from the audit findings.
• Assess the adequacy of action plans defined by business. Determine revised dates for overdue where necessary and ensure formal revision process is followed.
• Undertake periodic reviews of the contracts/arrangements to ensure these comply with the Group Sourcing and Vendor Management policy.
• "Provide IT Risk briefings to advise on critical issues that may affect the business. Conduct knowledge transfer training sessions to both internal and external stakeholders regarding risk programmes."
• Monitor accuracy of the IT Asset Register and CMDB (Configuration Management Database).
• Monitor the IT process for updating IT Asset Register and CMDB.
• Provide recommendations for the IT Continuity and Risk Frameworks/Guidelines based on findings from analyses of usage and practices in IT.
• Provide advice and support to the BU to ensure that IT Risk is fully functional and in accordance with frameworks and Risk requirements.
• Manage the conceptualisation, planning, and delivery of IT Risk Management projects as assigned.
• Collaborate with IT Operational/Risk teams to ensure delivery of projects.
• Provide status updates to relevant stakeholders.
• Serve in an advisory role in application development and infrastructure projects to assess risks.
• Recommend and ensure implementation of required changes to IT risk and security policies and procedures· Benchmark current IT practices against leading practices and existing frameworks.
• Annually review and report any gaps in IT policies, procedures, standards both current and new Recommend required changes to IT policies, procedures, standards.

You Will Be An Ideal Candidate If You:

• have a Bachelor of Technology in Information Technology or equivalent (BSC in IT) or Auditing qualification. CISA, CRISC or additional qualifications would be advantageous.
• 4 to 5 years' experience in IT Risk.

You Will Have Access To:

• Opportunities to network and collaborate
• Challenging Work
• Opportunities to innovate

Are you interested to take the step? We look forward to engaging with you further. Apply now

Job Details

Take note that applications will not be accepted on the below date and onwards, kindly submit applications ahead of the closing date indicated below.

03/12/25

All appointments will be made in line with FirstRand Group's Employment Equity plan. The Bank supports the recruitment and advancement of individuals with disabilities. In order for us to fulfill this purpose, candidates can disclose their disability information on a voluntary basis. The Bank will keep this information confidential unless we are required by law to disclose this information to other parties.