IT Security Specialist – Gauteng Sandton

Risk Manager (Operations – Information and Data Security)

Reporting to: Risk Manager

Purpose of the role: To protect the organization by identifying, monitoring and providing risk mitigation options for the achievement of corporate business objectives.

Skills and knowledge:

  • Preference: Degree in Information Security, Computer Science, Data Management, Risk Management or Internal Audit
  • Benefit: Information Security Certification

Minimum experience

  • Minimum of 5 years of experience in information security, risk management, systems audit.
  • General understanding of IT security standards
  • Advantage: ISO 3100 and COBIT

The exits
Risk management for today’s businesses:

  • Supervise and, in certain areas, steer the implementation of appropriate risk control actions
  • Monitor, evaluate and challenge the organization’s success in managing information, cybersecurity and data risks
  • Help identify key information security and data management risks affecting operational functions within the business
  • Administration of the information security, cybersecurity and data management risk identification and assessment process
  • Monitor internal controls to ensure their adequacy and effectiveness and assist in the identification of appropriate improvements to address identified weaknesses
  • Conduct research on specific topics as needed
  • Compile and submit all scheduled and ad hoc risk management reports in a timely and accurate manner
  • Contribute to the development and updating of risk management policies and procedures for the organization to ensure areas of responsibility are properly addressed
  • Help maintain a culture within the company that emphasizes and demonstrates the importance of effective risk management to all personnel
  • Participate in employee training on the risk management framework
  • Conduct risk assessments of business processes and practices on an ongoing basis
  • Contribute to the annual risk management plan and execute according to the plan
  • Keep abreast of requirements related to information security, cyber risk and data management standards and best practices

Risk management for new activities/services:

  • Provide risk support to the project team on information security, cybersecurity and data management, including assessing and assisting with their processes and procedures and identifying associated risks and controls.
  • Assess the adequacy of risk control frameworks for the data and information security aspects of new services
  • Assess changes to the organization’s risk profile due to new services

Emerging technologies:

  • Conduct research on emerging technologies to provide risk management support to the business
  • Identify training opportunities to deepen knowledge of new technologies
  • Provide training and guidance to the risk management team on areas of focus to share knowledge and assist in cross-competence
  • Provide guidance to teams in the identification, planning and execution of assurance activities relating to new technologies

Business Continuity Management:

  • Initiate and gather impact assessments on the division’s activities on an annual basis.
  • Work with company DR (Disaster Recovery) resources to ensure all market DR testing issues are resolved.
  • Ensure responsible staff members update disaster recovery plans for core applications on an annual basis.
  • Contribute to the business continuity plan of the company.
  • Support divisions in their business continuity planning

Data and information security:

  • Actively participate in the Information Security Council by highlighting risk considerations for operational events, current processes or new products/services under consideration.
  • Track and follow up on issues raised in areas of interest to drive prompt resolution
  • Provide advice to the business on emerging data and information security risks
  • Perform independent assessments of compliance of data and information security assessments against adopted standards.
  • Awareness and appreciation of the principles of integrity, confidentiality and availability of data within the organization.

Internal Audit:

  • Responsible for facilitating reviews of assigned internal audit functions
  • Coordination of management responses across the organization for assigned reviews
  • Validate the relevance of the corrective measures proposed by management for the deficiencies identified
  • Coordination of the follow-up of the organization and the state of resolution of the previous results

Combined insurance forum:

  • Assist in the preparation of annual reports and assurance plans
  • Regularly identify insurance gaps in proposed plans
  • Coordinate insurance reviews related to areas of responsibility
  • Assist in reporting various assurance activities across the organization

Desired skills:

  • Information Security
  • Risk management
  • Systems auditing

About the employer:

Financial services
