Specialist: IT Risk Management

Division:  Strategy and Transformation
Reference No:  4916
Location:  Centurion, Gauteng, ZA

Employment Type:  Permanent
Disability (EE targeted role):  No
T.A.S.K Grade:  15
Job Posting Salary:  R891,176.00
Job Posting End Date:  8 Oct 2024

The Road Accident Fund’s mission is to provide appropriate cover to all road users within the borders of South Africa; to rehabilitate and compensate persons injured as a result of motor vehicle accidents in a timely and caring manner; and to actively promote safe use of our roads.

 

 

 

Purpose of the Job: Reporting to the Manager: IT Risk and Governance, the successful incumbent is responsible for implementing procedures and controls to efficiently identify, assess, mitigate and monitor IT risks, ensuring the protection of the organisation’s assets, reputation and operational continuity.

 

Key Performance Areas

 

Risk Management

  • Contribute to the development of an IT Risk management framework for key ICT areas:
      • Risks associated with products and services
      • Sensitive or confidential information
      • Information security
      • IT operations
      • IT projects
      • System recovery and business resumption
      • IT outsourcing
      • IT Talent
  • Conduct comprehensive risk assessments to identify and analyse potential risks associated with IT systems, processes, and projects.
  • Develop and implement risk mitigation strategies and controls to minimize the likelihood and impact of identified risks.
  • Manage exposures, insurance, legal/ regulatory requirements, cost justifications, vendor agreements, and business continuity.

 

Business Continuity and Disaster Recovery

  • Contribute to business impact analysis and align IT continuity plans accordingly.
  • Develop and implement standard risk assessment, business impact analysis, and BCM tools and capabilities.
  • Facilitate insurance and vendor agreements for disaster events.

 

Incident Response and Crisis Management

  • Maintain incident response plans and procedures to effectively respond to and recover from IT incidents and disruptions.
  • Participate in crisis management exercises.

 

Third Party Risk Management

  • Evaluate and manage risks associated with third-party vendors, suppliers, and service providers.
  • Assess third party security controls, contractual obligations, and service level agreements to mitigate risks and ensure compliance with IT policies.

 

Cloud Services Risk Assessment and Mitigation

  • Conduct risk assessments for cloud services, develop mitigation strategies, and manage relationships with cloud service providers.
  • Evaluate and manage relationships with cloud service providers, ensuring that contractual agreements, service level agreements (SLAs), and security commitments meet the organization's requirements.
  • Oversee change management processes for cloud environments.

 

ICT Compliance

  • Collaborate with IT teams and business units to ensure that information technology systems and services meet risk management and compliance objectives.
  • Conduct regular audits and assessments of information technology systems and services to ensure that they are secure and meet compliance requirements.
  • Ensure a compliance framework is maintained in accordance with required standards.

 

Policy Review and Implementation

  • Contribute to the development and implementation of departmental policies, standards, procedures, and processes.
  • Stay updated with effective policy execution strategies.

 

Reporting

  • Define key performance indicators (KPIs) and metrics to measure the effectiveness of IT Risk processes and controls.
  • Prepare status reports on IT BCM matters, measure BCM program maturity, and publish DR program reports.
  • Monitor risk indicators, track risk treatment actions, and generate regular reports and dashboards to communicate risk status to senior management and stakeholders.

 

Stakeholder Management

  • Foster proactive relationships with key stakeholders and address inquiries and requests for information.
  • Maintain relationships with Enterprise Risk function, Auditors, service providers, and procurement teams.

 

Qualifications and Experience

  • Bachelor’s Degree/ Advanced Diploma in Information Technology/ Risk Management related qualification
  • ITIL will be an added qualification.
  • Relevant 5 - 7 years’ experience in a Risk Management or an Information Technology related environment.

 

Technical and Behavioral Competencies Required

  • Resilience.
  • Network and alliance.
  • Employee engagement.
  • Ethics and values.
  • Change management.
  • Critical and innovative thinking
  • Policy conceptualisation and formulation.
  • Risk Management.
  • Stakeholder development and relations.
  • Reporting.
  • Knowledge of information technology risks, governance and regulatory requirements, and risk management methodologies.
  • Data security management.
  • IT risk management.
  • Innovation and business improvement.
  • Risk assessment.
  • Knowledge of Software Vulnerability.
  • Communication skills.
  • Analytical skills.

 

NB: “RAF offers Total Employment Cost packages with no additional contributions from the Employer, successful candidates are required to structure their packages in a manner that will suit their needs”.

 

 

 

The Road Accident Fund subscribes to the principles of employment equity and preference will be given to People with Disabilities.

Applicants who have not received any correspondence from us within six weeks from the closing date can consider themselves unsuccessful.

Security Vetting shall be conducted on all prospective employees.

It is the applicants’ responsibility to have foreign qualifications evaluated by the South African Qualifications Authority (SAQA) and to provide proof of such evaluation.