SENIOR ICT RISK MANAGER, CORPORATE COMPLIANCE & RISK – LEVEL 6 – Zimbabwe Revenue Authority (ZIMRA) 116 views

Key Responsibilities

• Provides strategic advisory services to Business and ICT on emerging technologies, digital innovation and evolving cyber threats affecting the Authority.
• Interprets and translates international ICT risk, security and data protection standards into Authority-wide governance requirements.
• Evaluates Authority-wide ICT investments to assess risk exposure, value realization, and alignment with strategic objectives.
• Assesses ICT project risks from initiation through implementation and post-go-live stages.
• Reviews and validates Business Continuity Plans, BIAs, and ICT Disaster Recovery Plans.
• Provides governance oversight during disaster recovery simulations and incident response testing.
• Monitors system changes and verify replication between primary and DR environments.
• Provides strategic oversight of the ICT Risk Register.
• Prioritises ICT risks based on enterprise impact and risk appetite.
• Assesses Authority systems for security vulnerabilities and control weaknesses.
• Reviews access management, authentication, and logging controls.
• Evaluates communication security and data leakage risks.
• Assesses data protection maturity of vendors.
• Reviews data processing agreements.
• Provides enterprise-wide oversight of compliance with data protection legislation.
• Monitors adherence to Cyber & Data Protection Act and SI 155 of 2024.
• Embeds data protection requirements into ICT and business processes.
• Advises senior management on privacy risks and mitigation strategies.
• Identifies high-risk data processing activities.
• Facilitates privacy risk analysis with stakeholders.
• Recommends safeguards and mitigation measures.
• Tracks implementation of DPIA actions.

Requirements

• Ability to work under pressure.
• Ability to communicate at all levels.
• Ability to work both independently and as part of a team.
• Unquestionable integrity.
• Computer literacy.
• Bachelor’s Degree in Information Technology, Information Systems, Computer Science, Information Security, Risk Management, or a related field is a must.
• Postgraduate qualification in Information Systems Management, Computer Science, Risk Management is a must.
• At least eight (8) years postgraduate experience in ICT / Risk Management.
• Certified Data Protection Officer Certification (POTRAZ) is a must.
• Professional certification in ICT Risk, Information Security, or Governance, such as: CRISC, CISM, or CISA, ISO / IEC 27001 Lead Implementer or Lead Auditor, ISO / IEC 27701 Lead Implementer / Auditor or COBIT Foundation / Design and Implementation is a must.
• Experience in Customs / Domestic Taxes or Tax environment is an added advantage.
• A thorough understanding of risk management practices is a must.

How to Apply