Through our client-facing brands Metropolitan and Momentum, with Multiply (wellness and rewards programme), and our other specialist brands, including Guardrisk and Eris Property Group, the group enables businesses and people from all walks of life to achieve their financial goals and life aspirations. We help people grow their savings, protect what matters to them and invest for the future. We help companies and organisations care for and reward their employees and members. Through our own network of advisers or via independent brokers, and utilising new platforms, Momentum Group provides practical financial solutions for people, communities and businesses.
Disclaimer
As an applicant, please verify the legitimacy of this job advert on our company career page.
Role Purpose
The IT Risk Analyst will report to the Head of Information Security and IT Risk Management, assisting in the delivery of IT risk initiatives. This role focuses on supporting the identification and management of IT and information security risks.
Requirements
Qualifications:
Bachelor's degree in Information Technology, Computer Science, Risk Management, Cybersecurity, or a related field (or equivalent experience).
Industry certifications (advantageous but not required):
+ CompTIA Security+ (entry-level security knowledge)
+ CRISC (Certified in Risk and Information Systems Control) - beneficial for IT risk understanding
+ ISO 27001 Foundation - basic knowledge of information security management systems
+ COBIT Foundation - governance and risk framework understanding
Experience:
3 - 6 years of experience in IT risk, information security, IT audit, or a related field.
Exposure to risk assessments, compliance monitoring, or IT control frameworks is beneficial.
Familiarity with IT governance frameworks (e.g., NIST, ISO 27001, COBIT) is an advantage.
Experience with risk reporting, documentation, and stakeholder engagement is beneficial but not mandatory.
Good technical writing, documentation, and communication skills are required.
Duties & Responsibilities
The IT Risk Analyst will be expected to perform duties including, but not limited to, the following:
Risk Management Activities
Assist in identifying, analyzing, and reporting IT and information security risks.
Support the investigation of risk events and incidents.
Participate in risk and control assessments to evaluate the effectiveness of existing controls.
Conduct deep dives on key inherent, residual, and high-impact risks.
Support the facilitation of risk workshops with key stakeholders.
Governance and Compliance
Assist in maintaining IT risk registers and documentation.
Support compliance monitoring activities to ensure adherence to policies, frameworks, and regulatory requirements.
Reporting and Insights
Assist in preparing IT risk reports and dashboards for management review.
Support trend analysis on IT risk data to identify potential areas of concern.
Collaboration and Awareness
Work closely with IT, security, and business teams to enhance risk awareness.
Support training and awareness initiatives related to IT and information security risks.
Competencies
Risk Management Fundamentals - Understanding of IT risk concepts, risk identification, assessment, and mitigation techniques.
IT and Cybersecurity Awareness - Basic knowledge of IT infrastructure, cybersecurity principles, and common security threats.
Regulatory and Compliance Knowledge - Familiarity with relevant regulations and frameworks (e.g., ISO 27001, NIST, COBIT, POPIA, GDPR).
Data Analysis and Reporting - Ability to analyze risk data, generate reports, and identify trends.
Incident Investigation Support - Assisting in risk incident analysis and documentation.
Control Assessment - Understanding of IT controls and their role in risk management.