Technical Risk Analysis Senior Specialist: IT and Security

Roles & Responsibilities

•To liaise regularly with risk champions and technical division management on IT and security risk matters.
•To train stakeholders, including risk champions and staff on ERM processes and technical risk topics.
•To update and maintain accurate technical risk information in the ERM system, ensuring regular tracking and status reporting
•To promote best practices, continuous improvement, and innovation in ERM-related processes.
•To identify, analyze, and evaluate potential technical risks across IT and Security divisions.
•To conduct both planned and unplanned risk assessments including new product/project due diligence.
•To assess risk exposures (opportunity, hazard, uncertainty) affecting IT and security operations.
•To develop and coordinate execution of mitigation plans in collaboration with technical departments.
•To monitor key technical risk indicators to enable timely action and escalation.
•To conduct business continuity risk assessments, disaster recovery plans, and Single Points of Failure (SPOFs).
•To implement Business Continuity Management (BCM) components such as BIA, Disaster Recovery, and Incident Management.
•To integrate risk management into strategic technical decision-making processes, ensuring resilience.
•    To prepare and submit regular monthly and quarterly technical risk reports for internal and external stakeholders, including top management and the Audit and Risk Committee.
•To generate ad hoc reports and presentations to support the Technology Risk Manager in recommending solutions and improvements.
•To collaborate with the Technical Risk Manager: IT and Security to develop the company’s Risk Appetite Statement.
•To use data analytics and software development techniques to create or improve technical risk monitoring tools.
•To work with other Audit & Risk departments (Internal Audit, Fraud Risk Management, Compliance, BCM) to implement the Combined Assurance Model in technical domains.
•To coordinate remediation of vulnerabilities and penetration-testing findings.
•To evaluate and monitor risks related to third-party vendors and partners, including concentration risks.
•To assess supply chain and third-party security risks,  with focus on critical SaaS and telecom vendors.
•To provide professional advice and support staff on ERM-related matters in technical domains.

Job Requirements

Education
•First degree in a relevant field (Telecommunications, IT Infrastructure, Software Development, or Software Architecture)
•Risk management qualifications are an added advantage
•Fluent in English

Experience
•Minimum of 5 years’ experience in an area of specialization; with experience in supervising/managing others
•Experience working in a medium to large organization 
•At least 3 years technical experience in telecom company or other high tech industries  
•Proven background in managing business risks in telecom or high-tech environments
•Experience in developing or utilizing technical solutions for risk management and in analyzing data for risk insights is an added advantage.
•Practical experience with industry risk frameworks (ISO 31000, NIST RMF/CSF, COBIT, ISO 27001) is highly desirable