Executive Manager, Business IT Risk and Control Governance
JOB SUMMARY
As part of the IT Division's strategy to enhance Operational Resilience, we are seeking an Executive Manager, Business IT Risk & Controls Governance (EM, BITRCG) to join our team. This role reports to the Head of IT Risk & Controls and applies the IT Risk Management Framework/Methodology (ITRMFM*) to identify the IT risks of Business Divisions, ensure that their controls are assessed, and ensure that IT controls are implemented effectively and monitored to safeguard the organization's assets and operations.
*The ITRMFM will incorporate the COBIT and ITIL operating principles and align with the Club's Enterprise Risk Management (ERM) framework, which is based on COSO, and the Technology Risk Management (TRM) framework, which is based on NIST and ISO.
As a first line of defense risk leader, the EM, BITRCG will ensure that risks related to the IT services across Business Divisions and the associated Key Performance Indicators (KPIs) are managed within acceptable tolerance levels. The incumbent will also manage the business IT resilience program to ensure the Club can continue its operations during and after a disruption, safeguarding critical business functions and minimizing the impact of any incidents. The business resilience program should adopt the ISO 2230 and BS 7799 standards.
Key responsibilities of this role include:
- Collaborate with business stakeholders to execute the pertinent IT risk management activities, such as setting objectives, identifying risk scenarios, assessing risks, evaluating mitigating controls, making risk response decisions in accordance with the residual risk, and monitoring and reporting the associated risk posture.
- Collaborate with departments across Business Divisions and 2nd line of defense units (i.e. Enterprise Risk Management and Technology Risk Management) to develop risk appetite statements, tolerance thresholds, and Key Risk Indicators.
- Conduct regular risk assessments and business impact analyses to identify potential threats and vulnerabilities to business operations.
- Report material changes to the risk profile and significant incidents, including lessons learned, to relevant Governance bodies and Stakeholders both within and outside the IT Division.
- Collaborate with Business Departments to perform business impact analysis (BIA) to understand the potential impact of IT disruptions on critical business functions and develop strategies to mitigate these impacts.
- Collaborate with Business Departments to create and maintain comprehensive business continuity plans to ensure the organization can respond effectively to disruptions. Evaluate the effectiveness of existing business continuity plans and recommend improvements.
- Work with IT Division and Business Departments to plan and execute business continuity exercises and drills to test the effectiveness of plans and identify areas for improvement.
- Develop and deliver training programs to raise awareness of IT risk management principles, policies, and best practices.
- Promote a culture of risk awareness and accountability throughout the organization.