Serena Hotels – Risk Management Officer

THE ROLE

Specifically, the successful jobholder will be required to:

• Independently carry out supper user rights control gap analysis, recommend appropriate controls and develop a monitoring matrix on supper user activities across all business systems to ensure privileged access is controlled and not abused.
• Carry out quarterly and ad hoc ICT risk assessments of business systems and provide recommendations of appropriate controls to mitigate and minimize risk exposures and oversee the implementation of risk mitigations.
• Participate in quality assurance activities by validating or overseeing the validation of the correct implementation of security controls before systems enter production.
• Play the role of Data Protection Officer (Monitor that data is captured, stored, processed and disposed off as per the policies. He/she should make sure that data is safeguarded and used responsibly at various functional areas and ensure compliance with the internal policies and data protection regulations.
• Continuously review and improve the ICT controls in place and prepare draft management and board reports.
• Continuously review systems at all levels i.e. servers, applications, database, network devices etc., identify risks and make recommendations on closure of the risks.
• Evaluate ICT controls for all operating systems, applications, database management system interfaces and networks across the business to ensure consistency in achieving compliance requirements (regulatory, standards and internal policies).
• Promote Information security awareness within the business by providing consultation, guidance and conducting relevant awareness programs in liaison with ICT department to ensure compliance culture.
• Proactively anticipate potential threat and vulnerabilities and provide guidance in coordination with the ICT department on effective responses or control measures to be implemented to mitigate them.
• Manage ICT Risks registers by ensuring that they are regularly updated and monitor the implementation of mitigations.
• Be involved in providing forensic data to all reviewers i.e. investigators.
• Provide and analyze ICT department self- assessment reports on all system controls to assist in focused controls
• Carry out risk assessment for all new systems before deployment and ensure that User Testing and Acceptance (UTA) and all sign offs have been sought.
• Support project managers during the project risk management process to identify project risks and treatment approaches for systems/technology risks.

COMPETENCIES AND EXPERIENCE

The successful candidate will be required to have the following skills and competencies:

• A Bachelor’s degree in Information Technology, Computer Science, Information Security or Business related.
• Relevant IT professional qualifications e.g. CISA, CRISC
• A minimum of 3 years working experience in a similar role.
• Understanding of ICT risk and systems control processes.
• Appreciation of risk Methodologies.
• Experience of working in the IT function within hospitality environment will be an advantage.

SKILLS

• Adequacy of personal competencies to effectively maintain quality assurance for TPSM systems in a manner that consistently meets established standards or benchmarks.
• Good understanding of ICT risk control objectives
• Interpersonal and advocacy skills
• Good presentation skills
• Good report writing skills
• Appreciation of risk methodologies and taxonomies.

Method of Application

.

.

.