Job / Position Details:

JOB CODE: 8513-01
JOB TITLE: Engineer / Deputy Manager – IT Risk Management
LOCATION: Karachi
DEADLINE: January 12, 2026
JOB DETAILS:
Qualification & Experience:

Bachelor’s in Computer Science / Information Technology or related field with at least 4 years of relevant experience.

Or

Bachelor’s in Computer Engineering with at least 2 years of relevant experience.

 

In-depth knowledge and understanding of IT Risk Management, Cyber Security, Information or related fields, Security Standards and Regulations (e.g., NIST 800-53, ISO-2700X, COBIT, ITIL etc.).

Preferred certifications: CISA, CRISC, CISSP.

Training in ISO 31000 on risk management will be a plus.

PEC registration is mandatory for engineers only.

Responsibilities:

    JOB SUMMARY

    The purpose of this position is to coordinate with the IT department in preparing and updating the departmental risk registers. The incumbent is also responsible for preparing periodic progress reports, derived from the departmental risk registers, for submission to the management.


    JOB RESPONSIBILITIES

    1. Identify controls based on risks for compliance areas of IT business processes.
    2. Provide support in the design, implementation and amendment of controls.
    3. Enable continuous improvement, maintain Business Systems, Infrastructure, SSGC controls catalogue, by providing general and technical guidance on how to maintain relevant controls.
    4. Monitor control performance of IT controls across the business for timely and effective execution.
    5. Report on risks and control effectiveness to Risk Management Committee and Risk & Litigation Committee.
    6. Set the standards, operating procedures, templates and tooling.
    7. Maintain the risk register and track risk exposures against risk appetite.
    8. Escalate any challenges in executing change (e.g. stakeholder commitment, technical complexity or resource limitations) in a timely manner.
    9. Embed ownership and awareness in first line of defense via training and communication to control owners.
    10. Foster an intelligent risk culture across SSGC through communication, training etc.
    11. Implementation of SSGC-wide Information Security risk management function.
    12. Participate in establishing and quantifying the IT department’s “risk appetite”.
    13. Provide inputs to the plan to keep the enterprise risk management system up to date.
    14. Coordinate with the department as per the plan in order to finalize the entries in the risk registers.
    15. Assist the IT department in carrying out a thorough information systems risk assessment to obtain an understanding of the risks to the availability, integrity and confidentiality of data and systems.
    16. Include all systems, including hardware, software, data, networks and any business processes to identify threats, vulnerabilities, probabilities of occurrence and potential impact.
    17. Contact the departments to check the progress of the actions necessary to mitigate the risks, as specified against each risk within the respective risk register.
    18. Assist in conducting training and awareness sessions relating to risk management for the employees of the user departments with a view to creating a culture where risks are timely identified and removed with appropriate actions.
    19. Prepare monthly reporting for the management on the status of the identified risks and corresponding mitigation actions.
    20. Highlight risks which need to be accepted and for which there may not be any appropriate action.
    21. Assist the IT department in applying the relevant approach in taking steps to reduce IT risks for some systems, accept IT risks where the department has no viable option but to live with the risks, transfer risks where all or most of the systems/assets are insured and avoid risks where the department decides not to engage in a risky activity.
    22. Contribute articles that create risk awareness for publication in the company’s magazines.
    23. The individual shall ensure compliance with the Enterprise Risk Management Framework enforced in the Company while performing job responsibilities in accordance with his assigned role.
    24. The individual shall ensure compliance with the Business Principles and Ethics Policy / Code of Conduct.
    25. Perform any other task assigned by superiors.