DUE: 09 NOV 2023
To provide second line of defence and supplement line one effort towards preserving and protecting capital and earnings against operational risk. This involves independent operational risk measurement, monitoring and reporting. It also includes validating effectiveness and adequacy of operational risk management by line management.
The Operational Risk Specialist shall at a minimum undertake the following:
a. Evaluate overall information technology risk, maintain an active view, and report on the risks.
b. Perform risk assessments to reassess current risks and to identify emerging key risks (operational, compliance, technology, third party, etc.).
c. Conduct on-site risk audits/assessments and evaluate the adequacy of the IT, security and automated processing controls and the effectiveness of general computer controls in effect in the IT environment in line with the Operational Risk Policy.
Review the means of safeguarding information assets (e.g. network, operating system, and data center) and monitoring of ongoing performance metrics established by the IT and Security Departments, including evaluating if security vulnerabilities are properly identified and mitigated.
e. Perform various other reviews of IT management policies and procedures such as change management, business continuity planning/ disaster recovery and information security to ensure that controls surrounding these processes are adequate.
f. Assist to monitor, analyse, and report on key performance operational risk indicators including IT risk metrics and data monthly.
g. Apply data analytics tools in analyzing data to improve efficiency and effectiveness on Risk management reviews (including for risk assessments). Perform data analysis on complex data sets to provide meaningful information and insight to the business.
h. Participate in IT related implementation projects and initiatives to bring pro-active risk management focus into solutions through close involvement.
i. Monitor, and report on, the overall quality of the institution’s operational risk management and the effectiveness of Business continuity and Disaster recovery plans (BCP & DRP).
j. Continuously research, develop, and recommend modern ICT risk management techniques for implementation.
k. Attend to any other issues assigned by management from time to time.
Bachelor Of Commerce Honours Insurance And Risk Management: Information Technology And Computer Science: Information Technology Management