Information Technology Risk Manager

The IT Risk Manager role serves as a best practice/quality contributor supporting the organisations’ IT & Ops Risk Management Programme. The individual will act as first line of defence providing RCG risk assessments and other risk management activities including risk identification, profiling, assessment, response, evaluation and advising on issues and remediations to support the overall IT & Ops organisation. This position supports the risk management activities in alignment with the Risk and Controls Governance framework.

Strategy and Transformation:

• Align with Group RCG target state program based on the planned roadmap including governance, risk management methodologies, technology enablement and automation, metrics, and reporting.
• Collaborate with the three lines of defence and other risk functions on behalf of IT & Operations to support, enable and align the Risk and Controls Governance strategy within the broader risk functions.
• Engage stakeholders at all levels across businesses and divisions to ensure effective communication and sufficient stakeholder input and buy-in.
• Help develop education, training, and awareness campaign materials regarding IT & Operations risks as well as critical communications to help provide clarity and adoption.

Operational Activities:

• Execute Risk and Controls Governance operational activities including: Risk profiling (inherent risk assessment), risk assessments for processes, applications, and infrastructure, risk and scenario analysis for IT & Operations risks, risk metrics and reporting.
• Document and develop materials for leadership to review issues identified through these activities.
• Help the business create, direct governance channels, and monitor execution of the risk response plans in alignment with methodology.
• Act as the point of contact to assist and respond to questions from key stakeholders and the business; manage required escalations and communication.
• Provide IT & Operational guidance and risk advisory support to key initiatives.
• Develop materials to provide regular updates to Executives on the overall health of the functional areas including preparing necessary information to facilitate management discussion and decision making.
• May prepare and present training materials using methods appropriate to the audience.
• Update management on the progress of owned tasks.
• Escalate issues as appropriate.
• Perform other duties as directed by the Performance & Governance Director, or CIO & Head of Transformation.
• May perform other duties as assigned.

Person requirements:

• Proven experience (5+ years desirable) with IT & Operations Governance and risk functions with a focus on identifying, assessing, and mitigating risks.
• IT Risk and Compliance, Audit, or Quality certifications desirable (e.g. CISSP, CISM, CISA, CIA, CRISC, CGEIT, CIAC, ISO, etc.).
• Ability to develop and maintain risk registers, control libraries, and compliance documentation.
• Strong analytical skills to assess complex risks and recommend appropriate risk mitigation strategies and controls.
• Experience in collaborating with cross-functional teams, including Operations, IT, security, compliance, and business units, to drive risk management initiatives.
• Strong interpersonal skills to support stakeholder communication and engagement across departments.
• Experience with technology process, risk and control frameworks.
• Excellent interpersonal, consultative and communication skills.
• Ability to interact effectively at all levels with clients, consultants, vendors, peers, and IT management and staff.
• At ease presenting to large audiences.