IT Risk Analyst at Bidvest Bank

About the position

To assist with the facilitation and monitoring of effective IT Risk Management throughout the Bank - which includes the identification, measurement, control and minimisation of loss associated with IT related risks within the environment.

RESPONSIBILITIES:

FINANCE:
Cost Management

• Reduce operating costs through process efficiency and innovation.

CUSTOMER
Service Excellence

• Establish and maintain positive relationships with members of all Departments/Business units within the Bank.
• Establish and maintain a positive presence of the IT Risk function in all Departments/Business Units by fostering constructive professional relationships with all team members.
• Build and maintain solid and good relationships with Bank Business Units, External Regulators and Auditors.

INTERNAL PROCESSES

• Identify risks which might occur within the environment through continuous interaction with the relevant teams and follow-up with regards to IT Risk assessments performed.
• Stay knowledgeable of current advances in all areas of Information Technology concerning vulnerabilities, security breaches or malicious attacks.
• Identify vulnerabilities or weaknesses in systems.
• Evaluate IT policies, processes and procedures for completeness and recommend any amendments and or improvements where required.
• Ensure that controls are adequate to protect sensitive information systems within the environment.
• Clearly document and define risks and potential impacts along with the statistical probability of such an event and identify systems affected by the defined risk/s.

Risk Assessments

• Independently conduct ongoing IT Risk reviews at Departmental and/or Business Unit level as per the IT Risk Framework and Policy in line with the pre-determined IT Risk Coverage Plan.
• Facilitate IT Risk assessments conducted by members of management of assigned Departments/Business Units within the Bank.
• Recommend to management and facilitate the implementation of practical and value-add mitigating strategies based on the results of IT Risk reviews and assessments.

Risk Register

• Maintain the risk register for IT in Cherwell from an IT Risk perspective.

Reporting

Assist with the following quarterly reporting:

• IT Risk Report.
• Key Risk Indicator (KRI) Reporting.
• IT Risk and Cyber Security Committee minutes, which includes the preparation and the distribution of the Committee agenda and action item list.
• Operational Risk Committee Dashboard for IT

Business Continuity Management and Disaster Recovery Planning

• Participation in all Disaster Recovery tests.
• Update of the IT Business Impact Analysis (Quarterly).
• Update of the risk register with any IT related risks following a Disaster Recovery test as agreed with the IT Risk Manager and the Chief Information Officer (CIO).
• Update of the Statement of Recoverability (SOR) from an IT Risk perspective

Key Risk Indicators

• Facilitate the implementation and ongoing monitoring of the Key Risk Indicator Framework for IT.

Information Security Awareness

• In collaboration with the IT Risk Manager and the Chief Information Security Officer (CISO), providing input when Information Security Awareness training is launched including the reporting of the results which is included in the quarterly IT Risk report.
• The review of the Information Security Awareness strategy in collaboration with the IT Risk Manager, the CIO and the CISO.

Meeting Attendance

• IT Risk and Cyber Security Committee.
• BASA IT Risk Meeting.
• Testing Governance Committee.
• Operational Risk Committee.
• Data Governance Council.
• All Risk Data Aggregation and Risk Reporting (RDARR) meetings when required.

RDARR

• Update the Shared Drive with any artefacts and or documented work that has been approved as completed by the Chief Risk Officer (CRO) in collaboration with the relevant project stakeholders.
• Assist with RDARR project work from an IT Risk perspective.

REQUIREMENTS

Qualifications:

• CRISC certification
• ISO 27001 Foundation
• B.Com Degree
• Certified ISO 27001 Lead Implementer

Experience

• 2 to 5 years' IT Risk/IT Internal Audit experience within the banking industry.
• OR
• 2 to 5 years' experience within the banking industry (with a general understanding and awareness of the functioning of key functions within the banking industry).
• AND
• Sound understanding of IT Risk, control/mitigation and related concepts, together with the interrelationships between these aspects.
• Experiencing in applying relevant risk/information security methodologies such as ISO, NIST and PCI-DSS.
• Experience in IT Risk Management.
• Sound understanding of the IT Technical environment.
• Sound understanding of Data Management practices.
• Sound understanding of regulatory requirements.

Knowledge, Skills and Abilities Required

• Knowledgeable in all areas of IT Risk Management.
• Excellent written and verbal communication skills.
• Computer literate, with intermediate-level Word and Excel processing skills.
• Inter-personal and other qualities:
• Self-starter/take initiative/"think differently"
• Continuous improvement of day to day tasks and deliverables.
• Innovative with attention to detail.
• Self-motivated and performance driven with positive and constructive interaction with direct and indirect team members within the Bank.

WORKING CONDITIONS (office bound/on-site/travel)

• Office bound with ad-hoc travel when required.

Desired Skills:

• Banking
• IT Risk Management
• IT Risk Analysis
• IT Internal Audit
• ISO
• NIST
• PCI-DSS