IT Risk Specialist

IT Risk Specialist page is loaded IT Risk Specialistlocations: Randburgtime type: Full timeposted on: Posted Todaytime left to apply: End Date: February 25, 2026 (5 days left to apply)job requisition id: R46671# Job Description To provide advice, guidance and support to the business and technology community to ensure appropriate implementation of an IT risk management programme in accordance with governance and IT risk requirements. To oversee the implementation and monitoring of a risk management framework including policies, standards and security architecture to ensure sound IT management practices. Identify sources of the risk, areas of impact, events and their causes and potential consequences that might create, enhance, prevent, degrade, accelerate, or delay the achievement of IT objectives. Determine the level of risk, which is defined as the combination of the consequences and likelihood of the inherent risk. Conduct impact analysis to ensure resources are adequately protected with proper control measures within acceptable levels of residual risk. Assist IT with creating action plans to mitigate potential risks within the IT environment and comply with governance in terms of legislative, audit and business policy requirements. Follow up on deficiencies identified in monitoring reviews, self-assessments, automated assessments, and internal and external audits to ensure that appropriate remediation measures have been taken. Contribute to IT Risk reports, and review and assess quality and accuracy of IT reports. Monitor and analyse IT Risk performance and generate reports Identify areas needing improvement and develop recommendations. Partner with business and IT about monitoring and reviewing risk performance. Monitor and analyse IT Risk performance, and generate reports. Identify areas needing improvement and develop recommendations. Partner with business and IT with regard to monitoring and reviewing risk performance. Provide advice and support to business about tools and methodologies to mitigate IT risks and issues, and to improve identified control weaknesses. Consult with business and technical staff on potential operational impacts of proposed changes to the IT environment. Inform stakeholders about IT risk issues and activities affecting the assigned area or project Report to management concerning residual risk Attend relevant BU committees e.g., Monthly BU IT Risk Committee, BU IT Exco, Project Steering committees, New Product Approval, CAB etc. Monitor the BU's development of DR/BCM test plans, testing, and documentation for each application Review selected change requests to ensure they are appropriately incorporated into the larger business plan. Assist in the identification of root causes (including identification of control failures) of IT-related incidents. Recommend appropriate mitigation of root cause. Maintain an up-to-date understanding of industry best practices. Test adequacy of existing controls and recommend actions for improvement. Monitor the Business Unit's compliance with Group security policies and standards with guidance from their respective ISO and IT Risk Manager. Oversee hygiene reporting and action plans to remediate noncompliance. Assess and monitor the risk posture against tolerance., as it relates to information and cyber security. Provide risk posture on area / system being audited, including known issues and action plans. Assist Business/IT with creating action plans to mitigate the risks from the audit findings. Assess the adequacy of action plans defined by business. Determine revised dates for overdue where necessary and ensure formal revision process is followed. Undertake periodic reviews of the contracts/arrangements to ensure these comply with the Group Sourcing and Vendor Management policy. Collaborate with IT Operational/Risk teams to ensure delivery of projects. Provide status updates to relevant stakeholders. Assist team members with removing blockers to achieve their tasks. "Provide IT Risk briefings to advise on critical issues that may affect the business. Conduct knowledge transfer training sessions to both internal and external stakeholders regarding risk programmes." Monitor accuracy of the IT Asset Register and CMDB (Configuration Management Database). Monitor the IT process for updating IT Asset Register and CMDB. Job Details # Take note that applications will not be accepted on the below date and onwards, kindly submit applications ahead of the closing date indicated below. 25/02/26All appointments will be made in line with FirstRand Group's Employment Equity plan. The Bank supports the recruitment and advancement of individuals with disabilities. In order for us to fulfill this purpose, candidates can disclose their disability information on a voluntary basis. The Bank will keep this information confidential unless we are required by law to disclose this information to other parties.Introduce yourself to our recruiters and we will get in touch if there's a role that seems like a good match.Should you have any queries, please log it via .