Primary Purpose:
Strengthen the organization’s IT environment by identifying and assessing risks, implementing compliance measures, coordinating regulatory adherence, and fostering engagement and capability building to embed a culture of risk awareness.

Key Performance Areas/ Key Responsibilities/Key Duties/ Key Deliverables 

Risk Identification and Assessment

• Perform regular risk assessments on new and existing technologies assessing risks pertaining to IT General Controls i.e. Access Controls, Change Control/Change Management, Data backup and recovery, IT operations, Systems development and maintenance and physical security.
• Assess the impact of potential threats and risks identified, design and implement controls to mitigate IT risks and security risks identified.

Risk and Compliance

• Implement and maintain IT risk management policies including security policies, procedures and frameworks ensuring that policies are regularly reviewed and updated to adapt to changing threats and technologies.
• Align MGN policies with industry standards (e.g., NIST, COBIT, ISO 27001, other industry standards, regulations and internal controls related to IT security and data protection).
• Continuously monitor adherence and operating effectiveness of the implemented IT and security controls and address deficiencies by collaborating with business units to align risk strategies with organisational goals.
• Coordinate regulatory and compliance audits (external and internal audits) by facilitating communication with the auditors, leading meetings/discussions with auditors to communicate the IT and security controls in the environment, gathering audit requirements/evidence/deliverables required by the auditors

Coordination and Implementation

• Coordinate with technical teams to monitor networks for security breaches, intrusions, and unusual activity. Investigating incidents, analysing logs, and identifying potential vulnerabilities.
• Coordinate with the team to address and resolve incidents promptly, implementing corrective actions to prevent future occurrences.

Engagement and Capability Building

• Build awareness on emerging cyber threats, educating employees on IT related risks, including security best practices.
• Support the business units to identify, manage and monitor IT related risks.

Minimum Requirements:

Education:

• NQF Level Seven (7) - Bachelor’s degree in information technology, Computer Science, Cybersecurity, or a related field.
• Relevant certifications (e.g. CISA, CISSP, CISM,) will be an advantage

Work Experience:

• Minimum of three (3) years of experience in IT risk management, information security, or a related role.
• Experience from an Auditing firm will be a distinct added advantage

Other Requirements:

• Excellent written and verbal communication skills, with the ability to explain technical concepts to non-technical stakeholders.
• Strong analytical and problem-solving skills.
• High level of integrity and commitment to confidentiality.
• Strong knowledge of security technologies, risk assessment tools, and regulatory requirements.
• Proactive and adaptable to changing priorities and emerging threats.