To provide oversight, challenge, and assurance across technology and operational risk domains, ensuring risks are effectively identified, assessed, managed, and reported in line with the organisation’s Risk Management Framework and risk appetite. You will work closely with Technology and business stakeholders to independently review and challenge IT risk management practices, control environments, third-party arrangements, and change initiatives. This role is well suited to a risk professional who thrives in a fast-paced, evolving digital environment and is confident providing constructive challenge.
Provide independent review and challenge of IT risk and control assessments
Assess control design and operating effectiveness across key IT domains (e.g., access management, change management, incident management, SDLC, data governance)
Oversee risks relating to cloud services, infrastructure, applications, and system resilience
Provide Second Line oversight of technology transformation and change initiatives
Review and challenge risk acceptances and residual risk positions
Provide independent oversight and challenge of cyber security risk assessments and controls
Review vulnerability management reporting, penetration testing results, and remediation tracking
Monitor cyber-related Key Risk Indicators (KRIs) and emerging threat themes
Challenge control effectiveness across identity & access management, data protection, network security, and incident response
Escalate material cyber risks and ensure appropriate governance reporting
Review and challenge First Line RCSAs and risk registers
Monitor emerging operational risk themes and systemic control weaknesses
Assess remediation plans and validate closure evidence
Provide Second Line oversight of third-party and technology vendor risk management
Review due diligence and ongoing monitoring of critical service providers
Challenge outsourcing risk assessments and concentration risk exposure
Assess IT and data security risks arising from third-party arrangements
Support the development, enhancement, and maintenance of IT, cyber, and operational risk policies and standards
Ensure policies remain aligned with regulatory requirements and industry best practice
Provide guidance to First Line teams on policy interpretation and implementation
Contribute to the ongoing evolution of the Risk Management Framework
Maintain IT-related risk appetite metrics and KRIs
Prepare clear, concise reporting for senior management and Board Risk Committees
Support regulatory engagement and internal audit interactions
#FNBBotswana
Job Details
Take note that applications will not be accepted on the below date and onwards. Kindly submit applications ahead of the closing date indicated below.
13/03/26
All appointments will be made in line with FirstRand Group’s Employment Equity plan. The Bank supports the recruitment and advancement of individuals with disabilities. In order for us to fulfill this purpose, candidates can disclose their disability information on a voluntary basis. The Bank will keep this information confidential unless we are required by law to disclose this information to other parties.
R46866