Group: Snr IT Risk Management – Group Coordination MMH

Role Purpose

Group Snr IT Risk Management (Group Coordination) is responsible for orchestrating, integrating, and elevating IT risk management across the Momentum Group’s federated operating model. The role provides group-wide visibility, consistency, and insight into IT and technology-related risks by coordinating across Business Units, identifying common themes and systemic risks, and ensuring effective reporting, remediation, and regulatory alignment.

This role is not a BU execution role, but a group coordination, facilitation, and risk-intelligence role, enabling strong risk outcomes through collaboration, influence, and structured oversight.

Experience

• 8 years’ experience in risk management, with primary depth in IT Risk Management
• Strong grounding in Enterprise Risk Management within a complex organisation
• Experience operating in federated or multi-business group environments

Proven Exposure To

• IT risk frameworks and assessments
• Audit processes and regulatory engagement
• Board and executive-level risk reporting

Industry Experience

• Financial services experience strongly preferred
• Experience in regulated environments with evolving technology and cyber risk landscapes

Qualifications

Relevant tertiary qualification in:

• Risk Management
• Information Systems
• Technology, Audit, or related discipline

Professional Certifications Advantageous

• CRISC, CISA, CISM, CGEIT, or equivalent
• Risk or governance-related certifications

• Group-Wide IT Risk Integration
• Coordinate IT risk management activities across all Business Units within the federated group model
• Build and maintain a group-level view of IT risk, consolidating BU risk profiles into umbrella and systemic risk themes
• Identify cross-cutting risks, interdependencies, and concentration risks that may not be visible at BU level
• Facilitate alignment on risk interpretation, assessment approaches, and treatment strategies across BUs
• Risk Insight, Trend Analysis & Thematic Identification
• Analyse IT risk data, incidents, audit findings, and remediation plans across the group to identify emerging patterns and recurring themes
• Develop forward-looking risk insights, including emerging technology risks, regulatory impacts, and operational vulnerabilities
• Drive group-wide discussions on common risk drivers and potential coordinated remediation approaches
• Reporting & Governance Enablement
• Support and coordinate group IT risk reporting for:
• Board-Level Committees
• Management Risk Committees
• Regulatory submissions
• Translate complex IT and technology risks into clear, decision-useful risk narratives for senior leadership
• Ensure consistency, quality, and completeness of IT risk reporting across the group

• Audit Coordination & Assurance Support
• Maintain an IT risk audit landscape, tracking audit coverage, themes, and outcomes across BUs
• Support BUs in responding to audit findings and ensure visibility of remediation progress at group level
• Identify audit-driven themes that indicate systemic weaknesses or control design issues
• Remediation Facilitation & Issue Oversight
• Support and facilitate remediation of IT risk issues across BUs, particularly where issues are common or systemic
• Facilitate cross-BU collaboration on remediation strategies and good practices
• Track progress of key IT risk actions and escalate where risks remain unresolved or delayed
• Regulatory & Compliance Monitoring
• Monitor and interpret key technology-related regulatory and supervisory requirements, including:
• Cyber resilience and technology risk standards
• IT resilience and operational continuity requirements
• Data protection and privacy-related obligations (in collaboration with the DPO)
• Translate regulatory expectations into group-level risk implications and actions
• Work with relevant stakeholders to coordinate compliance responses and remediation efforts

This role is heavily relationship-driven and depends on trust, credibility, and influence rather than authority.

• Build strong, constructive relationships with BU IT Risk Managers and Risk Officers
• Act as a connector between IT Risk, Information Security, Data Privacy, BCM, and Enterprise Risk
• Facilitate risk conversations that encourage openness, learning, and shared ownership
• Support a culture of risk awareness, accountability, and proactive management