IT Risk Specialist
About Discovery
Discoverys core purpose is to make people healthier and to enhance and protect their lives. We seek out and invest in exceptional individuals who understand and support our core purpose, and whose own values align with those of Discovery. Our fast-paced and dynamic environment enables smart, self-driven people to be their best. As global thought leaders, Discovery is passionate about innovating in order to not only achieve financial success, but to ignite positive and meaningful change within our society.
Key Purpose of the role
This position will report to the Risk Manager. The successful candidate will be required to facilitate and assist in the implementation of an end-to-end risk management programme for the business unit in respect of Information Technology, Security and Privacy risk disciplines.
Areas of responsibility may include but not limited to
- Facilitate and assist in the roll-out of the IT risk management framework and maturity of IT risk management practices within the business unit
- Capture required risk information onto the GRC system
- Develop appropriate dashboards and reports for various levels of risk reporting
- Monitoring and investigations of DLP events
- Enhance the DLP Dashboards by obtaining specific business process related information from business
- Establish and maintain an up-to-date IT risk register and IT risk profile
- Manage risk reporting in line with reporting cycles.
- Identify practical solutions to address control weaknesses and process deficiencies.
- Assess the validity of mitigation action plans provided by business and ensure completion thereof within the agreed time period.
- Implement and monitor IT risk appetites and key risk indicators
- Maintain the control and process library on BarnOwl for the business unit based on outcomes of audits, reviews and assessments
- Provide support, education and training on risk management principles to build awareness of IT risk
- Assist the Risk Manager on any risk activity requested on an ad hoc basis
- Manage the process of identifying and assessing risks that may pose a threat to the achievement of business objectives. This could include the following:
- Facilitate risk workshops for principal and strategic risks
- Risk event identification, reporting, analyses and investigation
- Risk and control assessments
- Reporting of IT Risk to various audiences, such as Mancos and Excos within the business unit for them to understand their accountability for the risks
- For business unit specific projects, follow the Group Project Risk Framework to manage and report on project related risks
- Takes initiative and works under own direction with the ability to make quick, clear choices which may include tough choices or considered risks
- Upholds ethics and values and demonstrates integrity
- Shows respect for the views and contributions of others
- Demonstrates a willingness to share information
- Strong negotiating and influencing skills
- Excellent communication skills. The candidate should speak fluently and be able to write in a well-structured and logical manner
- Demonstrates an understanding of different organisational departments and functions
- Ability to analyse and assess various data and break them into component parts, patterns and relationships
- Sets high standards for quality and quantity and can work in a systematic, methodical and orderly manner
- Adapts to changing circumstances
- Handles criticism constrictively and learns from it
- Minimum IT degree level education (BCom or BSc in information systems or computer science) with either CISA or CRISC
- Minimum 3 years of experience in an IT enterprise risk environment
- Must have advanced experience and knowledge of NIST CSF, Cobit and ITIL frameworks as well as IT infrastructure, systems processes and IT governance
- Advanced knowledge of Excel, Word, PowerPoint, Power BI and Teams
- Must be affluent in report writing with attention to detail
The Companys approved Employment Equity Plan and Targets will be considered as part of the recruitment process. As an Equal Opportunities employer, we actively encourage and welcome people with various disabilities to apply