

IT Risk & Security Officer

Job Ref
Job Type
Employer Type
Recruitment Agency
Date Added 19 Feb 2018
Expiry Date 5 Apr 2018
* There have been 11 applications to this job.
* This job has been viewed 2448 times.

South Africa



Role details:
One of our clients based in Cape Town, Western Cape is seeking to employ an IT Risk & Security Officer on a permanent basis (Employment Equity position).
- - - - - - - - - - - - - -
This role will focus on Information Security and the creation of an Information Security Management System with the goal of protecting the Confidentiality, Integrity and Availability of COMPANY Information Assets, in line with the risk appetite of the organisation. The role incumbent will provide expertise in respect of Information Security, enabling COMPANY to meet its business objectives and act appropriately in the face of rapidly changing threats, technologies and business conditions. The incumbent will work closely with the IT Risk function, with a significant amount of cross-pollination in terms of responsibilities. The incumbent will be expected to manage and drive audit remediation. There will be a requirement to develop, deliver and maintain Security Architecture that remains relevant, achievable, and aligned to the organisational strategies. The role incumbent will be responsible for a number of specific Information Security domains and will also be expected to contribute to the definition and maintenance of the overall Information Security Strategy. The incumbent will ensure that project investments are coordinated towards wider architecture goals and that the Security Architecture is communicated and understood within the organisation. There will be an expectation that the successful candidate will drive Security into the DevOps processes and will have a broad understanding of various technologies.
All IT risk management activities are coordinated through this role, including the coordination of IT Risk policy drafting and scheduled review. The role is responsible for maintaining the IT Risk Framework and its associated controls and reporting. This role is responsible for independently evaluating overall information technology risk, maintaining an active view, and reporting on the controls and residual risk in the technology organization. The candidate must develop an understanding of the technical IT environment and be prepared for robust discussions and challenge from management around risk and the adequacy of the controls in the environment. It is imperative that the IT Risk Officer assists IT in finding solutions to challenges as they arise, over and above helping IT identify and classify risks appropriately. This role is also responsible for facilitating and managing IT Audits as well as driving Audit Remediation. Any required Group Governance processes will also be facilitated by this role (e.g. Cloud Steercom preparation).

· Qualifications relevant to IT risk management or IT auditing, or qualifications relevant to the IT environment
· CRISC/CGEIT/CISA advantageous
· CISSP/CISM advantageous
· Relevant tertiary education or certifications


· Understanding of Risk Management techniques and tools
· Experience of IT Risk management and understanding of the relationship with the wider Enterprise Risk function
· Good technical knowledge of IT systems and processes
· Experience in a financial services environment advantageous

It is anticipated that some of the required competencies will develop in role to the appropriate level.

· Excellent written and oral communication
· Strong presentation skills
· Personal organisation and planning
· Problem solving
· Negotiating and influencing
· Stakeholder management, including senior managers
· Must thrive in a demanding and fast-paced environment
· Must be able to prioritize and perform multiple tasks simultaneously
· Ability to operate as a team member and work independently
· Ability to operate at a strategic level and understand detailed issues
· Ability to complete projects and keep to deadlines
· Value and delivery focused
· Skilled use of typical office software and an ability to understand and learn risk management software

IT Risk Officer
Specific Responsibilities
1. Risk Identification, Assessment and Evaluation
Identify, assess and evaluate risk to enable the execution of the IT and enterprise risk management strategy.

Collect information and review documentation to ensure that risk scenarios are identified and evaluated.
Identify legal, regulatory and contractual requirements and organizational policies and standards related to information systems to determine their potential impact on the business objectives.
Identify potential threats and vulnerabilities for business processes, associated data and supporting capabilities to assist in the evaluation of IT risk.
Create and maintain an IT risk register to ensure that all identified risk factors are accounted for.
Assemble IT risk scenarios to estimate the likelihood and impact of significant events to the organization.
Analyse IT risk scenarios to determine their impact on business objectives.
Develop an IT risk awareness program and conduct training to ensure that stakeholders understand risk and contribute to the risk management process, and to promote a risk-aware culture.
Correlate identified IT risk scenarios to relevant business processes to assist in identifying risk ownership.
Validate risk appetite and tolerance with senior leadership and key stakeholders to ensure alignment.

2. Risk Response
Develop and implement risk responses to ensure that risk factors and events are addressed in a cost-effective manner and in line with business objectives.

Identify and evaluate risk response options and provide management with information to enable risk response decisions.
Review IT risk responses with the relevant stakeholders for validation of efficiency and effectiveness.
Apply IT risk criteria to assist in the development of the risk profile for management approval.
Assist in the development of IT risk response action plans to address risk factors identified in the risk register.

3. Risk Monitoring
Monitor risk and communicate information to the relevant stakeholders to ensure the continued effectiveness of the IT risk management strategy.

Collect and validate data that measure key IT risk indicators (KRIs) to monitor and communicate their status to relevant stakeholders.
Monitor and communicate key IT risk indicators (KRIs) and management activities to assist relevant stakeholders in their decision-making process.
Facilitate independent IT risk assessments and risk management process reviews to ensure they are performed efficiently and effectively.
Identify and report on IT risk, including compliance, to initiate corrective action and meet business and regulatory requirements.

4. Audits and Reviews

Serve as liaison to auditors and other relevant persons regarding documentation and review of IT Risk and information compliance.
Communicate audit and review results to appropriate parties; ensure that issues are addressed and corrective actions are implemented.
Keep a tracking action list of all audit issues.
Drive remediation of audit findings within the agreed remediation timelines.

Information Security Officer
1. Information Security Strategy and Management

· Develop an information security strategy
· Develop and implement an ISMS and cyber security programme
· Develop and maintain information security policies, standards, and procedures
· Define technical information security plans and documentation to support the information security strategy
· Create and maintain an information security incident response plan
· Provide relevant recommendations and develop information security key performance indicators (KPIs)
· Create and present reports at various levels, including C level

2. Risk and Compliance
· Provide insight as the information security subject matter expert in committees and compliance projects
· Work closely with auditors, and drive the necessary remediation of information security findings
· Assist in identifying and mitigating information security related risks
· Conduct risk assessments on third parties to ensure compliance with information security standards
· Assess cloud vendors and provide input on security within cloud environments
· Advise on and participate in the business continuity and disaster recovery plans

3. Application Security

· Define the information security requirements for the SDLC
· Facilitate information security code reviews
· Drive security automation into the DevOps processes

4. Operational Security

· Drive the vulnerability and patch management programme
· Coordinate technical information security assessments and penetration tests, and drive remediation
· Ensure information security awareness training is implemented within the organisation
· Manage the information security products and support vendors
· Act as a key approver in the context of change management, specifically with regard to all changes requiring information security oversight

5. Security Architecture

· Review, provide input on, and approve solution designs from an information security perspective
· Define and drive security architecture