Group: Snr IT Risk Management

Momentum Group is a South African-based financial services group. Our retail and specialist brands drive to build and protect our client's financial dreams. We help people grow their savings, protect what matters to them and invest for the future. We help companies and organisations care for and reward their employees and members.

Momentum Group is one of South Africa's largest life insurers and integrated financial services companies, operating through brands like Momentum, Metropolitan, Guardrisk, and Eris Properties. Through our own network of advisers or via independent brokers and utilising new platforms Momentum Group provides practical financial solutions for people, communities, and businesses. Visit us at

Disclaimer

As an applicant, please verify the legitimacy of this job advert on our company career page.

Group Snr IT Risk Management (Group Coordination) is responsible for orchestrating, integrating, and elevating IT risk management across the Momentum Group's federated operating model. The role provides group-wide visibility, consistency, and insight into IT and technology-related risks by coordinating across Business Units, identifying common themes and systemic risks, and ensuring effective reporting, remediation, and regulatory alignment.

This role is not a BU execution role, but a group coordination, facilitation, and risk intelligence role, enabling strong risk outcomes through collaboration, influence, and structured oversight.

• 8 years' experience in risk management, with primary depth in IT Risk Management
• Strong grounding in Enterprise Risk Management within a complex organisation
• Experience operating in federated or multi business group environments

Proven exposure to:

• IT risk frameworks and assessments
• Audit processes and regulatory engagement
• Board and executive level risk reporting

Industry Experience:

• Financial services experience strongly preferred
• Experience in regulated environments with evolving technology and cyber risk landscapes

Relevant tertiary qualification in:

• Risk Management
• Information Systems
• Technology, Audit, or related discipline

Professional certifications advantageous:

• CRISC, CISA, CISM, CGEIT, or equivalent
• Risk or governance related certifications

• Group Wide IT Risk Integration
  • Coordinate IT risk management activities across all Business Units within the federated group model
  • Build and maintain a group level view of IT risk, consolidating BU risk profiles into umbrella and systemic risk themes
  • Identify cross cutting risks, interdependencies, and concentration risks that may not be visible at BU level
  • Facilitate alignment on risk interpretation, assessment approaches, and treatment strategies across BUs
• Risk Insight, Trend Analysis & Thematic Identification
  • Analyse IT risk data, incidents, audit findings, and remediation plans across the group to identify emerging patterns and recurring themes
  • Develop forward looking risk insights, including emerging technology risks, regulatory impacts, and operational vulnerabilities
  • Drive group wide discussions on common risk drivers and potential coordinated remediation approaches
• Reporting & Governance Enablement
  • Support and coordinate group IT risk reporting for Board Level Committees, Management Risk Committees, Regulatory submissions
  • Translate complex IT and technology risks into clear, decision useful risk narratives for senior leadership
  • Ensure consistency, quality, and completeness of IT risk reporting across the group
• Audit Coordination & Assurance Support
  • Maintain an IT risk audit landscape, tracking audit coverage, themes, and outcomes across BUs
  • Support BUs in responding to audit findings and ensure visibility of remediation progress at group level
  • Identify audit driven themes that indicate systemic weaknesses or control design issues
• Remediation Facilitation & Issue Oversight
  • Support and facilitate remediation of IT risk issues across BUs, particularly where issues are common or systemic
  • Facilitate cross BU collaboration on remediation strategies and good practices
  • Track progress of key IT risk actions and elevate where risks remain unresolved or delayed
• Regulatory & Compliance Monitoring
  • Monitor and interpret key technology related regulatory and supervisory requirements, including cyber resilience and technology risk standards, IT resilience and operational continuity requirements, and data protection and privacy related obligations (in collaboration with the DPO)
  • Translate regulatory expectations into group level risk implications and actions
  • Work with relevant stakeholders to coordinate compliance responses and remediation efforts
• Key Relationships & Collaboration
  • Build strong, constructive relationships with BU IT Risk Managers and Risk Officers
  • Act as a connector between IT Risk, Information Security, Data Privacy, BCM, and Enterprise Risk
  • Facilitate risk conversations that encourage openness, learning, and shared ownership
  • Support a culture of risk awareness, accountability, and proactive management

Technical & Risk Competencies

• Enterprise and IT risk management frameworks
• Technology risk, cyber risk, data risk, and IT resilience
• Audit coordination and issue remediation
• Regulatory interpretation and compliance alignment
• Risk reporting and governance structures

Analytical & Strategic Skills

• Ability to synthesize large volumes of risk information into clear group level insights
• Strong thematic and trend analysis capability
• Strategic thinking with attention to operational realities

Expected Behavioral Attributes

• Collaborative and facilitative - brings people together rather than imposing solutions
• Credible and grounded - trusted by peers and senior leaders alike
• Influential communicator - able to translate risk into language that drives action
• Structured and disciplined - strong follow through and consistency
• Curious and forward looking - anticipates emerging risks and connects dots early
• Resilient and steady - comfortable navigating ambiguity and complexity