IT Risk Specialist (Senior)

Sandton, Gauteng, South Africa

Job Description









Business Unit: Discovery Central Services



Function: IT Risk Management



Date: 2 Nov 2023





Discovery – Group Risk Management
Senior IT Risk Specialist


About Discovery


Discovery’s core purpose is to make people healthier and to enhance and protect their lives. We seek out and invest in exceptional individuals who understand and support our core purpose, and whose own values align with those of Discovery. Our fast-paced and dynamic environment enables smart, self-driven people to be their best. As global thought leaders, Discovery is passionate about innovating in order to not only achieve financial success, but to ignite positive and meaningful change within our society.


About Group Risk Management


The Group Risk Management (GRM) Function is a group risk management function independent of day-to-day management. Its primary responsibilities include:

  • Assisting the Group to identify, assess, monitor, manage and mitigate its material risks, and promote a sound risk culture; and
  • Assisting the Discovery Limited Board and senior management to develop and maintain the Group’s risk management system, including promptly informing the Discovery Limited Board of any circumstance that may have an adverse material effect on the risk management system of the Group.

The Discovery Group comprises the following entities:
  • SA Insurance Composite
  • Discovery Bank Limited
  • Vitality Global
  • Vitality UK

GRM works closely with Internal Audit, Compliance, 1st line Risk Officers and Discovery actuaries.


Key Purpose


The Senior IT Risk Specialist is a critical role within the organisation, responsible for ensuring the effective management and mitigation of IT-related risks. This position plays a pivotal role in safeguarding the company's information systems, technology infrastructure, and digital assets against potential threats. The Senior IT Risk Specialist will work closely with various departments and stakeholders to identify, assess, and manage IT risks, ensuring compliance with regulatory requirements and industry best practices.


Areas of responsibility may include but are not limited to


The successful candidate will be required to deliver, but is not limited to, the following key outputs in respect of the IT and Project risk portfolio:


  • Risk Identification and Assessment
      • Identify potential IT-related risks (emerging and current) and vulnerabilities within the organisation's technology infrastructure, applications, and processes.
      • Conduct detailed risk assessments and gap analyses to evaluate the impact and likelihood of identified risks.
      • Collaborate with IT teams and business units to understand and document risk factors and controls.

  • Risk Management and Mitigation
      • Develop and implement risk management strategies, frameworks, and procedures to address identified risks effectively.
      • Work with relevant teams to identify IT controls or processes that require enhancement, thereby ensuring they align with the organisation's risk appetite and industry standards.
      • Provide guidance on and challenge business’ risk mitigation strategies and control implementations to minimize exposure to IT risks.
      • Assist business in designing and implementing KRIs aligned to the organisation’s risk appetite that would facilitate the escalation of material IT-related risks.

  • Compliance and Regulatory Oversight
      • Stay updated with industry regulations, standards, and best practices related to IT risk management and data protection.
      • Ensure the organization's IT practices and controls comply with relevant laws, regulations, and contractual obligations.
      • Collaborate with compliance and legal teams to address any IT risk-related compliance issues.

  • Incident Response and Recovery
      • Review the effectiveness of the testing performed related to incident/recovery response plans for IT-related security breaches or disruptions.
      • Conduct post-incident reviews to identify lessons learned and areas for improvement.

  • Training and Awareness
      • Organise and deliver training sessions for employees, educating them about IT risks, based on security best practices, and their role in risk management.
      • Raise awareness within the organisation about the importance of IT risk management and maintaining a security-conscious culture.

  • Reporting and Communication
      • Prepare and present comprehensive reports on IT risk assessments, trends, and mitigation efforts as well as aggregated reporting on key information to senior management and relevant stakeholders.
      • Communicate complex IT risk concepts to non-technical audiences effectively.

  • 3rd Party Risk Management
      • Evaluate and assess IT risks associated with third-party vendors and service providers.
      • Collaborate with procurement and legal teams to ensure vendors comply with IT security and risk management requirements.


Education and Experience
  • Bachelor’s degree in Information Technology, Computer Science, or a related field.
  • A master's degree or relevant certifications (e.g., CISA, CISSP, CRISC) may be preferred.
  • Proven experience (typically 5+ years) in IT risk management, information security, or a related field, with at least some years in a senior or leadership capacity.
  • In-depth knowledge of IT risk management frameworks, methodologies, and best practices.
  • Familiarity with relevant regulations and standards (e.g., ISO 27001, NIST, GDPR/POPIA) and their application in IT risk management.
  • Strong analytical skills and the ability to assess complex IT systems and processes for potential risks.
  • Excellent communication and presentation skills to interact with stakeholders at various levels of the organisation.
  • Demonstrated ability to work independently, lead cross-functional teams, and handle multiple priorities simultaneously.
  • A proactive approach to risk identification and a continuous improvement mindset.
  • Advanced knowledge of Excel, Word, PowerPoint, Power BI, and Teams.

EMPLOYMENT EQUITY

The Company’s approved Employment Equity Plan and Targets will be considered as part of the recruitment process. As an Equal Opportunities employer, we actively encourage and welcome people with various disabilities to apply.


Job Detail

  • Job Id
    JD1271872
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Sandton, Gauteng, South Africa
  • Education
    Not mentioned