IT Risk Management & BCM Specialist


As a member of the Risk Management Department, your role involves the managing the Company's ITRM, operational risk and BCM. You will also to ensure adherence to policies and that IT risk management tools and processes are in line with business needs, and industry best practice.

Under IT risk management, you will ensure ongoing information security and business continuity assessments of new and existing vendors. You will perform walkthroughs of operations and systems and interviews system owners and users to determine workflows and associated information system risks and internal controls, address the risks identified and report the findings and make recommendation for new process flows.

You will participate in the system development cycle of projects and business process changes to ensure that security and control issues are addressed effectively, and provide consulting support to business units in ensuring compliances with Policies and Procedures.

Under Business Continuity Management, you will enhance existing Disaster Recovery and Business Continuity plans and processes, and work with the business and support units to review and analysis of the effectiveness of the BC and DR arrangements. You will design, organise and deliver regular BC/DR exercises and development of realistic scenarios for future exercises.

In addition, you will work with internal IT personnel and SQL vendors in developing a robust, MIS and Reporting Infrastructure for the Risk Management Department.


  • Degree or Master in Computer Science/Information Technology
  • At least 3 years relevant experience in IT risk, IT audit, control or security domains particularly in ISO/IEC 27001:2013
  • Experience in managing financial sector IT security requirements; best practices and methodologies, IT governance and regulatory requirements; including direct responsibility for application and infrastructure security
  • Detailed technical knowledge of database design methodologies will be an advantage
  • Experience in organizational BCP, e.g. Pandemic Planning, IT Disaster Recovery (DR) Planning, Crisis Management and Emergency Response Planning with at least one cycle of BCP implementation will be an advantage
  • Strong organisational skills and ability to prioritise effectively
  • Ability to work independently and as an integral member of the risk management team

Candidates to state last drawn & expected salary. Interested applicants, please email resume (only shortlisted candidates will be notified).