IT Risk Analyst

IBP Operational Risk (OR) is looking for an individual with a sound understanding of Technology & Information Security Risk to help the OR team adequately monitor and challenge the implementation of the Operational Risk framework within the Technology function, and monitor and challenge whether IBP's Technology & Information Security Risks are within the Board's approved risk appetite. The role will look at a wide range Technology areas including the roll-out of new and modern technologies. The role is responsible for oversight of the implementation of the Operational Risk Framework which includes: Critical Outsourcing assessments – providing subject matter expertise to conduct independent risk assessment, including inherent risk articulation, control effectiveness assessments, residual risk ratings and summaries, capturing and monitoring of follow up actions, and ensuring appropriate escalation / approval / reporting of risks identified to be out of appetite. Risk Event Reporting – providing guidance and challenge around First Line of Defence operational risk event reports to ensure key details are captured accurately and in a timely manner, including business impact and tracking of appropriate follow up actions. Action Tracking – oversight of risk mitigation plans and closure evidence to ensure plans are fit for purpose, and have been executed effectively Risk Acceptance – review and challenge of risks proposed for acceptance to ensure risks are accurately described, classified and processed in line with the risk management framework. Reporting – providing support to ensure technology risks are appropriately considered for escalation into the risk governance structure. Forward Looking Risk – support the Technology Risk community through scanning of emerging themes and horizon risks. Culture – support the broader operational risk community through advocacy of goals and processes, providing training and awareness activities where required. Training - Promote operational risk awareness and conduct training where required. Technical knowledge Previous experience in a technology risk management role (any line of defence) or keen interest in moving to such a role Minimum 5 years' experience in a financial institution or other regulated environment Professional certifications an advantage (e.g. CISSP, CRISC, CISA, CISM) including in related skills such as project management, technology processes Familiarity with modern technologies (e.g. Cloud, APIs, DevOps, AI) Skills and how they are applied Comfortable challenging risk decisions made by the 1LoD Comfortable taking ownership of tasks and able to operate autonomously Passionate about technology risk and information security Demonstrable competency in operational risk management, stakeholder management, and taking a risk-based approach What's in it for me? At Investec, you'll be empowered to bring your authentic self, contribute new ideas, and grow alongside colleagues who share your drive for excellence. You will be part of a collaborative and creative culture where we encourage and are committed to sustainability across our global business. You will share in our purpose of creating enduring worth and together, we'll achieve things tomorrow that hardly seem possible today