IT Risk Manager

Full-time

Function
Information technology
Facility
Head Office, JHB
Position
IT Risk Manager
Introduction
A vacancy exists for an IT Risk Manager at Life Healthcare, Head Office, reporting to the Group Risk Manager.

The purpose of risk management is to safeguard Life Healthcare Group, its customers, reputation, assets and the interests of stakeholders by ensuring that a comprehensive process for identifying, assessing, monitoring and managing all key risks is in place, thus facilitating the achievement of its business objectives.

This role is within Group Risk and the IT Risk Manager is responsible for providing oversight and for evaluating overall information technology risk, maintaining an active view, and reporting on the actual, mitigated and residual risks in the Group IT area. The IT Risk Manager is responsible for ensuring that all activities and duties are carried out in full compliance with regulatory requirements, the enterprise-wide risk management framework and internal policies.

 

Critical Outputs
  • Establish and maintain a risk management philosophy and culture within Group IT through awareness campaigns, training initiatives and regular interaction with Group IT staff at all levels.
  • Provide input into the development and implementation of a strategic enterprise risk management plan that encompasses risk management oversight and reporting activities for Group IT.
  • Provide input into and maintain the risk maturity profile of the Group and of Group IT.
  • Ensure that the Risk Management Frameworks are effective in Group IT.
  • Ensure that appropriate risk assessments are done across all areas within Group IT by facilitating the identification and assessment of all key risks, utilising appropriate tools and techniques.
  • Ensure that identified risk issues are monitored, reported and escalated to the relevant person/s and committee/s, and that corrective actions are taken.
  • Provide qualitative risk status reporting with accurate and reliable business information together with analysing trends and data to relevant stakeholders.
  • Report emerging threats and risks timeously to relevant stakeholders.
  • Continuously research advanced IT risk management techniques and methodologies and introduce new risk initiatives, with the view of improving the sustainability of Group IT.
  • Monitor the information technology legal and regulatory environment for developments.
  • Participate in IT projects and initiatives to bring pro-active risk management focus into solutions.
  • Collect and analyse operational losses in Group IT as well as all system related incidents, perform trend and root cause analysis.
  • Recommend value-adding risk management solutions to reduce the risk of recurrence.
  • Ensure application access vulnerabilities are identified and addressed in a timely manner.
  • Monitor application risks and investigate security incidents.
  • Ad-hoc monitoring of system/application security.
  • Oversee security incident and response management.
  • Facilitate and oversee the development and implementation of a Cyber Incident Response Plan.
  • Analyse and assess threats and vulnerabilities regarding information assets and make recommendations on the appropriate security controls and measures.
  • Review the effectiveness of information security and make value-adding recommendations.
  • Ensure that the BCP for Group IT and the Group Disaster Recovery Plan are continually updated.
  • Facilitate the testing of BCM and DR.
  • Ensure that appropriate risk management and Group IT policies and procedures are in place and updated as required.
  • Assist with and provide input into the development of relevant IT standards, policies, procedures and guidelines for controls to manage identified risks.
  • Analyse IT-specific audit findings and follow up on their resolution in terms of sustainability.
  • Support IT management to ensure that strategic decisions within Group IT take full account of the current and emerging risk profile.
  • Monitor the adequacy and efficiency of the risk processes and guide Group IT’s management where appropriate.
  • Review the Risk appetite statement and ensure that there is alignment within Group IT.
  • Conduct stress testing and scenario analysis.
Requirements
  • 4 – 6 years’ experience in IT audit and / or IT risk management (with a special interest in IT Security) in the healthcare, banking or financial services industry.
  • Completed Bachelor's degree or CRISC / IT and risk management qualifications.
  • Training in relevant security standards and good practices, such as ISO 27001, ISO 27002 and COBIT.
  • Understand the risks associated with: operating system, database, applications/interfaces, network device, web technologies, teamwork typology encryption, middleware.
  • Experience in Information Security with a solid knowledge of information security risks.
  • Excellent understanding of risk management concepts and measurements.
  • Working knowledge of Risk Management Systems and Measurement Tools.
  • Accuracy in terms of risk calculations and ratios.
  • Business continuity and IT disaster recovery management exposure.
  • Strong relationship building qualities.
  • Solid knowledge of Microsoft Excel, Word & PowerPoint.
  • Insight into all regulatory requirements related to information technology.
  • Excellent presentation skills.
  • Strong analytical skills.
  • Ability to utilise/source all appropriate resources that will enhance the functioning of the department.
  • Strong communication skills (verbal, written and presentation).
Competencies
  • Strategic orientation
  • Influencing skills
  • Commercial acumen
  • Excellence orientation
  • Growth and expansion
  • Customer responsiveness
  • Leadership
  • Strategic Business Insight
  • Stakeholder Management
  • Motivating and developing people
  • Results orientated
Email
careers@lifehealthcare.co.za
Closing date
Tuesday, February 9, 2021

Internal applicants – Before making an application, you are requested to discuss your application with your line manager. Only shortlisted candidates will be contacted. Should you not receive any communication within 2 weeks of the closing date, kindly consider your application as unsuccessful.

External candidates will also be considered.

Explore our vacancies and find the right opportunity for you. Download the application form and email it to the relevant contact person specified in the job advertisement.

Life Healthcare is an equal opportunity employer.

 

External Employment Application Form