Through our client-facing brands Metropolitan and Momentum, with Multiply (wellness and rewards programme), and our other specialist brands, including Guardrisk and Eris Property Group, Momentum Group Limited enables businesses and people from all walks of life to achieve their financial goals and life aspirations.
We help people grow their savings, protect what matters to them and invest for the future. We help companies and organisations care for and reward their employees and members. Through our own network of advisers or via independent brokers and utilising new platforms, Momentum Group Limited provides practical financial solutions for people, communities and businesses. Visit us at www.momentumgroupltd.co.za
Disclaimer
As an applicant, please verify the legitimacy of this job advert on our company career page.
Role Purpose
The role will be positioned within the risk management function of Momentum Insure. The function's purpose is to provide subject matter expertise and input on industry best practice risk management frameworks, controls and risk treatment plans, as well as identifying, assessing and monitoring of IT and operational risk exposures across the business.
This function also ensures that Momentum Insure's IT and operational risk assurance needs are identified by applying a risk-based criterion that is used to develop control audits.
Requirements
Experience and Qualifications
A relevant degree in Computer Science, Information Technology, Internal Audit, Risk Management or equivalent at NQF level 7.
At least 3-5 years' experience in an IT, information security risk or an operational risk role (or a combination of these) within the financial services industry.
Duties & Responsibilities
Assist in the implementation of policies and frameworks, and compliance standards for IT and operational risk management, including the consideration of the necessary risk appetite statements and key risk indicators, ensuring that IT and operational risk management techniques and tools incorporate innovative technological solutions.
Perform and monitor IT and operational risk assessments, which encompass identifying, assessing, measuring, prioritizing and reporting risks that may impact the business.
Assist in developing an annual risk-based audit plan (RBAP) for Momentum Insure to provide assurance on key IT and operational risks and business activities.
Testing and tracking of management actions to remediate and close IT and operational risk related audit findings & issue log testing.
Ensure relevant and timeous reporting on risk assurance reviews and findings.
Administration of the Risk and Control Self-Assessment (RCSA), key risk indicator (KRI) monitoring and validation, and providing assistance to the IT and Operational Risk Manager in the execution and monitoring of other operational risk tools.
Provide assistance to the IT and Operational Risk Manager with the implementation of technologies and platforms to promote IT and operational risk process efficiencies.
Perform root cause analysis and identify thematic IT and operational risk exposure across the business.
Analyse IT and operational risk information to perform trend analysis and correlate this with industry experience, where possible.
Engage with senior stakeholders to promote timely and accurate information/updates to assurance and risk processes, ensuring that the role remains acutely aware of any key IT and operational process changes to enhance risk oversight. Develop remedial plans with IT and operational risk owners to manage these risks to desired levels on an ongoing basis.
Provide input on IT and operational risk quarterly reporting, in terms of risk exposure and associated mitigating plans.
Ensure quarterly SANS Top 20 is submitted to Momentum Group IT Security.
Ensure that regular (at least quarterly) Logical User Access Management assessments are completed.
Provide support to the Business Continuity Officer and IT and Operational Risk Manager during the annual disaster recovery testing process, where deemed appropriate.
Provide IT and Operational risk input into the Third-Party risk management process, including reviewing of Third-Party risk assessments and questionnaires.
Competencies
Skills and behavioural competencies:
Written and verbal communication skills
Presentation skills
Influential and assertive, displaying self-confidence
Negotiation skills
Relationship management
Analytical skills and attentive to detail
Planning and organising skills
Upholding standards
Knowledge:
Requires knowledge of information technology risk issues, techniques and implications across a wide variety of existing information technology platforms.
Understanding of IT and operational risk management practices within the financial services industry.
Knowledge of the relevant regulatory, legislative, governance, risk and compliance landscapes would be beneficial to the role.
Understanding of Enterprise Risk Management (ERM) and Own Risk and Solvency Assessment (ORSA) practices and philosophies would also be beneficial to the role.