FirstRand

IT Risk Manager

Gaborone Full time

Job Description

Reporting to the CIO, the incumbent will be responsible for providing specialist advice and guidance to the Risk Community and the bank at large to ensure appropriate development and implementation of an IT risk management programme to support the business in achieving its strategies in accordance with FNB governance and IT Risk requirements.

  • Maintain the IT Risk Management Framework, methodologies and standards aligned to best practice and enterprise risk policies.
  • Define risk taxonomy, tolerance and assessment approach; ensure consistent application across IT.
  • Facilitate policy and standard reviews; identify gaps and drive updates and socialisation across business units.
  • Proactively identify risks from business change, regulatory developments, architecture and technology changes, vulnerabilities and incidents.
  • Perform IT risk and control assessments for high-priority processes; determine inherent and residual risk.
  • Evaluate control effectiveness; define and track remediation plans with owners and target dates.
  • Maintain the IT Risk Register/Tracker and ensure timely status updates and escalations.
  • Design and monitor IT-specific Key Risk Indicators (KRIs); track trends and breaches against thresholds.
  • Produce regular risk posture reports covering high/very high risks, major incidents, audit findings, exceptions and emerging risks.
  • Present and socialize reports with CIO and relevant committees.
  • Record and approve IT operational losses/near misses in the enterprise loss system; drive remediation actions.
  • Liaise with Internal and External Audit; provide relevant artefacts, known issues and action plans.
  • Review draft reports, assess adequacy of management actions, verify closure in Archer and manage overdue revisions via formal process.
  • Partner with Information Security to monitor compliance with security policies and standards and security hygiene reporting.
  • Execute IT risk assessments without negatively impacting information/cyber security functions; coordinate on exceptions and dispensations.
  • Participate in IT Risk Forums, Risk Committees, CAB and related engagements.
  • Provide general IT risk communication and training to IT teams; maintain continuous engagement with ISO/CISO and CIO.
  • Assess risks for new products/services, major process changes, market/geography expansions and external factor changes.
  • Evaluate testing sufficiency and compensating controls prior to implementation; ensure BAU controls remain effective.
  • Periodically review contracts/arrangements for compliance with sourcing and vendor management policy; oversee risk in third-party services.

Qualification, Skills and Experience

  • A degree in Computer Science, Information Technology, or related field.
  • Professional certification preferred: CRISC, CISA, COBIT, ITIL; an understanding of the relevant regulations is an added advantage.

Experience & Skills

  • 5+ years of experience in IT risk management, technology governance or assurance roles.
  • Strong knowledge of COBIT process universe and enterprise risk practices.
  • Demonstrated capability in risk and control assessments, KRI design and reporting.
  • Experience collaborating with Information Security, Audit and Operational Risk.
  • Excellent communication, facilitation and stakeholder management skills.
  • Analytical mindset with ability to translate technical issues into business risk impacts.

 

Important Closing Date Note

Take note that applications will not be accepted on the below date and onwards. Kindly submit applications ahead of the closing date indicated below.

02/04/26

All appointments will be made in line with FirstRand Group’s Employment Equity plan. The Bank supports the recruitment and advancement of individuals with disabilities. In order for us to fulfill this purpose, candidates can disclose their disability information on a voluntary basis. The Bank will keep this information confidential unless we are required by law to disclose this information to other parties.