Job Description
To provide specialist advice, guidance and support to the business and technology community to ensure appropriate development and implementation of an IT risk management programme in accordance with governance and IT risk requirements.
To oversee the implementation and monitoring of a risk management framework including policies, standards and security architecture to ensure sound IT management practices.
Hello future IT Risk Specialist,
Welcome to FNB, the home of the #changeables. We design for the shapeshifters and deliver products and services that make us incredibly proud of the people that make it happen.
As part of our Personal and Private IT Team, you will be surrounded by unique talents, diverse minds, and an adaptable environment that lives up to the promise of staying curious. Now’s the time to imagine your potential in a team where experts come together and ignite effective change.
Are you someone who can:
- Provide specialist advice and guidance to ensure the development and implementation of IT risk management programmes
- Identify sources of IT risk, assess areas of impact, and determine potential consequences
- Conduct impact analysis and recommend control measures to maintain acceptable levels of residual risk
- Assist IT teams in creating action plans to mitigate risks and ensure compliance with governance, legislative, and audit requirements
- Monitor and analyse IT risk performance, generate reports, and identify areas for improvement
- Follow up on deficiencies identified in audits and assessments to ensure remediation measures are implemented
- Consult with business and technical teams on operational impacts of proposed IT changes
- Oversee compliance with Group security policies and standards, and monitor hygiene reporting
- Review change requests and ensure they align with business plans and risk frameworks
- Collaborate on IT continuity and disaster recovery planning, including test plans and documentation
- Benchmark IT practices against industry best practices and recommend improvements
- Manage IT risk projects from conceptualisation to delivery, ensuring alignment with frameworks and governance which includes risk assessments.
- Maintain expert knowledge on relevant legislative amendments, industry best practices and provide advice to relevant stakeholders.
- Maintain up to date knowledge of local and global trends.
- Identify sources of the risk, areas of impact, events and their causes and potential consequences that might create, enhance, prevent, degrade, accelerate, or delay the achievement of IT objectives.
- Determine the level of risk, which is defined as the combination of the consequences and likelihood of the inherent risk.
- Conduct impact analysis to ensure resources are adequately protected with proper control measures within acceptable levels of residual risk.
- Assist IT with creating action plans to mitigate potential risks within the IT environment and comply with governance in terms of legislative, audit and business policy requirements.
- Follow up on deficiencies identified in monitoring reviews, self-assessments, automated assessments, and internal and external audits to ensure that appropriate remediation measures have been taken.
- Contribute to IT Risk reports, and review and assess quality and accuracy of IT reports.
- Monitor and analyse IT Risk performance and generate reports.
- Identify areas needing improvement and develop recommendations.
- Partner with business and IT with regard to monitoring and reviewing risk performance.
- Provide advice and support to business about tools and methodologies to mitigate IT risks and issues, and to improve identified control weaknesses.
- Consult with business and technical staff on potential operational impacts of proposed changes to the IT environment.
- Inform stakeholders about IT risk issues and activities affecting the assigned area or project. Report to management concerning residual risk.
- Attend relevant IT and BU committees e.g., LRC/IT Risk forum, Monthly BU IT Risk Committee, BU IT Exco, Project Steering committees, New Product Approval, CAB, etc.
- Monitor the BU's development of DR/BCM test plans, testing, and documentation for each application. Review selected change requests to ensure they are appropriately incorporated into the larger business plan.
- Assist in the identification of root causes (including identification of control failures) of IT-related incidents and recommend appropriate mitigation of the root cause.
- Maintain an up-to-date understanding of industry best practices. Test adequacy of existing controls and recommend actions for improvement.
- Monitor the Business Unit's compliance with Group security policies and standards with guidance from their respective ISO and IT Risk Manager. Oversee hygiene reporting and action plans to remediate noncompliance. Assess and monitor the risk posture against tolerance as it relates to information and cyber security.
- Provide risk posture on area / system being audited, including known issues and action plans. Assist Business/IT with creating action plans to mitigate the risks from the audit findings.
- Assess the adequacy of action plans defined by business. Determine revised dates for overdue where necessary and ensure formal revision process is followed.
- Assist business with periodic reviews and provide expert advice of the supplier contracts/arrangements to ensure these comply with the Group Sourcing and Vendor Management policy.
- Provide IT Risk briefings to advise on critical issues that may affect the business. Conduct knowledge transfer training sessions to both internal and external stakeholders regarding risk programmes.
You will be an ideal candidate if you:
- Have a relevant qualification in Computer Science, Information Systems, or related fields
- Bring 4–6 years of experience in IT risk management or a similar environment
- Possess strong knowledge of IT risk frameworks, governance, and security standards
You will have access to:
- Understanding the Collections IT business unit that supports Collections Platform and Enablement (CPE)
- Investment in the “CPE Platform Journey”
- Opportunities to innovate and influence IT risk strategies
- A collaborative environment with diverse teams and thought leaders
- Challenging projects that drive continuous improvement.
We can be a match if you are:
- Curious and courageous – driven to learn and brave enough to challenge the norm
- Obsessed with mastery – committed to excellence and continuous improvement
- A strong communicator who thrives in advisory and collaborative roles
- Willing to embrace change
Are you interested in taking the step? We look forward to engaging with you further. Apply now!
Job Details
Take note that applications will not be accepted on the below date and onwards, kindly submit applications ahead of the closing date indicated below.
04/02/26
All appointments will be made in line with FirstRand Group’s Employment Equity plan. The Bank supports the recruitment and advancement of individuals with disabilities. In order for us to fulfill this purpose, candidates can disclose their disability information on a voluntary basis. The Bank will keep this information confidential unless we are required by law to disclose this information to other parties.