Reference Number: MMH250226-8
Job Title: IT Risk Analyst
Position Type: Permanent
Role Family: Risk
Cluster: Momentum Investments
Remote Opportunity: Some of the time
Location - Country: South Africa
Location - Province: Gauteng
Location - Town / City: Centurion
Introduction
Through our client-facing brands Metropolitan and Momentum, with Multiply (wellness and rewards programme), and our other specialist brands, including Guardrisk and Eris Property Group, the group enables businesses and people from all walks of life to achieve their financial goals and life aspirations. We help people grow their savings, protect what matters to them and invest for the future. We help companies and organisations care for and reward their employees and members. Through our own network of advisers or via independent brokers, and utilising new platforms, Momentum Group provides practical financial solutions for people, communities and businesses.
Disclaimer: As an applicant, please verify the legitimacy of this job advert on our company career page.
Role Purpose
The IT Risk Analyst will report to the Head of Information Security and IT Risk Management, assisting in the delivery of IT risk initiatives. This role focuses on supporting the identification and management of IT and information security risks.
Requirements
Qualifications:
- Bachelor's degree in Information Technology, Computer Science, Risk Management, Cybersecurity, or a related field (or equivalent experience).
- Industry certifications (advantageous but not required):
  - CompTIA Security+ (entry-level security knowledge)
  - CRISC (Certified in Risk and Information Systems Control): beneficial for IT risk understanding
  - ISO 27001 Foundation: basic knowledge of information security management systems
  - COBIT Foundation: governance and risk framework understanding
- 3 - 6 years of experience in IT risk, information security, IT audit, or a related field.
- Exposure to risk assessments, compliance monitoring, or IT control frameworks is beneficial.
- Familiarity with IT governance frameworks (e.g., NIST, ISO 27001, COBIT) is an advantage.
- Experience with risk reporting, documentation, and stakeholder engagement is beneficial but not mandatory.
- Good technical writing, documentation, and communication skills are required.
The IT Risk Analyst will be expected to perform duties including, but not limited to, the following:
Risk Management Activities
- Assist in identifying, analyzing, and reporting IT and information security risks.
- Support the investigation of risk events and incidents.
- Participate in risk and control assessments to evaluate the effectiveness of existing controls.
- Conduct deep dives on key inherent, residual, and high-impact risks.
- Support the facilitation of risk workshops with key stakeholders.
- Assist in maintaining IT risk registers and documentation.
- Support compliance monitoring activities to ensure adherence to policies, frameworks, and regulatory requirements.
- Assist in preparing IT risk reports and dashboards for management review.
- Support trend analysis on IT risk data to identify potential areas of concern.
- Work closely with IT, security, and business teams to enhance risk awareness.
- Support training and awareness initiatives related to IT and information security risks.
- Risk Management Fundamentals: Understanding of IT risk concepts, risk identification, assessment, and mitigation techniques.
- IT and Cybersecurity Awareness: Basic knowledge of IT infrastructure, cybersecurity principles, and common security threats.
- Regulatory and Compliance Knowledge: Familiarity with relevant regulations and frameworks (e.g., ISO 27001, NIST, COBIT, POPIA, GDPR).
- Data Analysis and Reporting: Ability to analyze risk data, generate reports, and identify trends.
- Incident Investigation Support: Assisting in risk incident analysis and documentation.
- Control Assessment: Understanding of IT controls and their role in risk management.