Conduct periodic IT risk assessments to ensure all risks have been identified and brought to the attention of management, and that appropriate control measures are implemented to mitigate risk;
Provide information risk consultation and guidance during system, application development and e-product development to assure that security concerns are fully addressed in the process;
Perform information control reviews, including system development standards, operating procedures, system security, programming controls, communication controls, backup and disaster recovery, and system maintenance.
Prepare and submit information risk reports for consumption by both the Board of Directors and Senior Management
Conduct risk awareness through training
Review and accredit newly developed systems before deployment in live environment;
Liaise with Risk Heads in subsidiaries with a view to ensuring that Group standards are met
Proactively anticipate potential threats and vulnerabilities and provide guidance in coordination with IT department on effective responses or control measures within subsidiaries
Bachelor’s degree in Business or related field. A Master’s degree in a relevant discipline will be an added advantage.
Professional qualifications in Risk Management are required.
Minimum 3 years’ Operational Risk experience.
Minimum 3 years’ IT experience in infrastructure management/channels management/systems development, network admin/Office systems.
Experience in IT Security.
Demonstrated sound judgment and experience in decision-making for complex problems
Ability to operate in a crisis situation, flexible and creative in critical, high-pressure situations
Proactive and positive attitude, highly motivated and self-directed; ability to work in a team environment or independently
Understanding of information security and risk management principles