IT Risk and Security Manager

Job description / Role

Description

We are seeking an experienced professional to take ownership of IT risk and security management. The ideal candidate will ensure a robust risk management framework is in place and foster a proactive, risk-aware culture across the IT organization.

Key responsibilities

• Ensure comprehensive IT risk management framework is established to identify, analyse, mitigate, manage, monitor, and communicate IT risks.
• Ensure the IT risk appetite and tolerance levels are understood, articulated, and communicated, and that IT-related risks are identified and managed.
• Promote an IT risk-aware culture and empower the teams to proactively identify IT risk, opportunity, and potential business impacts.
• Work with Group CISO to ensure the implementation of security controls within GIT.
• Oversee various risk assessment activities in GIT and ensure proper implementation of risk treatment options such as mitigation, transfer, acceptance, etc.
• Deliver periodic risk profile reports and KRI reports to senior management.
• Engage with leadership team to review IT risk profile and risk treatment strategies.
• Manage Technology Risk Committee meetings and ensure closure of action plans.
• Identify, agree, and manage various assurance initiatives and internal reviews across GIT.

Requirements

• Proven experience in IT risk management and security governance roles.
• Strong understanding of risk frameworks, controls, and mitigation strategies.
• Experience working with senior leadership and cross-functional IT teams.
• Excellent analytical, communication, and reporting skills.
• Professional certifications such as CISA, CRISC, CISSP, or similar (preferred).