JOB DESCRIPTION – HEAD: IT RISK & COMPLIANCE
PRIMARY PURPOSE OF THIS POSITION
All IT risk management activities are coordinated through this role. It includes the
coordination of IT policy drafting and scheduled review. The Head: IT Risk and Compliance
is responsible for maintaining the IT Risk Framework and its associated controls and reporting.
This role is responsible for evaluating overall information technology risk, maintaining an active
view, and reporting on the actual, mitigated and residual risk in the technology organization. All
compliance closure activities are coordinated through this role, including the control and
actual submissions for closure.
KEY PERFORMANCE AREAS (KPAs)
1. Risk Identification, Assessment and Evaluation
Identify, assess and evaluate risk to enable the execution of the enterprise risk
information and review documentation to ensure that risk scenarios are
identified and evaluated.
Identify legal, regulatory and contractual requirements and
and standards related to information systems to determine their potential impact on
the business objectives.
Identify potential threats and vulnerabilities for business processes, associated data
and supporting capabilities to assist in the evaluation of enterprise risk.
Create and maintain a risk register to ensure that all identified risk factors are
Assemble risk scenarios to estimate the likelihood and impact of significant events to
scenarios to determine their impact on business objectives.
Develop a risk awareness program and conduct training to ensure that stakeholders
understand risk and contribute to the risk management process and to promote a
Correlate identified risk scenarios to relevant business processes to assist in
identifying risk ownership.
Validate risk appetite and tolera