Date: 2021-11-11
- PRIMARY PURPOSE
- To facilitate and monitor the adequate and effective management of Information Technology (IT) Risk Management throughout the Bank as the second line of defense. The role is responsible for the identification, measurement, control and minimisation of loss associated with risks throughout the IT environment, and for the development, documentation, implementation and monitoring of the Bank’s IT Risk Management Framework and the IT Risk Management Policy. The incumbent stays abreast of best practices and regulations from an IT Risk Management perspective and provides advice and/or guidance with respect to IT Risk Management practices.
- FINANCE
- Key Performance Area (KPA)
- Cost Management
- CUSTOMER CENTRICITY
- Key Performance Area (KPA)
- Service Excellence
- OPERATIONAL EXCELLENCE
- Key Performance Area (KPA)
- Internal Processes
- Risk Assessments
- IT Risk Management Framework and Policy
- IT Risk Coverage Plan
- Risk Register
- Reporting
- Key Performance Indicator (KPI)
- Reduce operating cost through process efficiency and innovation where possible.
- Key Performance Indicator (KPI)
- Establish and continuously maintain positive relationships with members of all Departments/Business Units within the Bank.
- Establish and maintain a positive presence of the IT Risk Management function within the Bank by fostering constructive professional relationships with all staff members.
- Build and maintain solid and good relationships with External Regulators and Auditors.
- Key Performance Indicator (KPI)
- Identify risks which might occur within the environment through continuous interaction with the relevant Departments/Business Units within the Bank and follow up on IT Risk assessments performed.
- Review and report on the completed IT Risk assessments and provide recommendations where required from an IT Risk Management perspective.
- Stay knowledgeable of current advances in all areas of IT concerning vulnerabilities, Information Security/Cyber Security breaches and/or malicious attacks.
- Identify vulnerabilities or weaknesses in systems and propose remediation plans where required. Track progress on the proposed remediation plans until the associated risks and/or threats have been addressed/mitigated or accepted by Management.
- Evaluate IT Policies, processes and procedures for completeness and recommend any amendments and/or improvements where required.
- Ensure that controls are adequate to protect sensitive information systems within the environment.
- Clearly document and define risks and potential impacts along with the statistical probability of such an event occurring and identify systems affected by the defined risk/s.
- Conduct and manage ongoing IT Risk reviews at Departmental and/or Business Unit level in line with the pre-defined IT Risk Coverage Plan.
- Manage IT Risk assessments conducted of Departments/Business Units within the Bank.
- Manage and facilitate the implementation of practical and value-add mitigating strategies based on the results of IT Risk assessments performed.
- Establish, review and obtain approval of the IT Risk Management Framework and Policy, which is to be reviewed and approved annually by the Risk and Capital Management Committee (RCMC).
- Ongoing review and update of the IT Risk Coverage Plan for the IT Risk Department.
- Maintain the Bank’s risk register for the IT Department in Cherwell from an IT Risk perspective.
- Prepare the following reports:
  - IT Risk Management Report (Quarterly).
  - Key Risk Indicator (KRI) Reporting for the IT Department (Quarterly).
  - IT Risk and Cyber Security Committee minutes, which includes the review and distribution of the Committee agenda and action item list to the Committee members.
- Qualifications
- Experience
- Bachelor of Commerce Degree
- 3 to 5 years IT Risk experience within the Banking industry.
- ISO 27005 Certified Risk Manager; ISO 27001 Lead Implementer
- 5 years IT Risk experience within the Banking industry.
- Minimum
- Excellent written and verbal communication skills.
- Computer literate, with intermediate-level Word, Excel and PowerPoint processing skills.
- Analytical and problem-solving skills.
- IT and Business acumen.
- Inter-personal and other qualities such as:
  - Self-starter who takes initiative.
  - Continuous improvement of day-to-day tasks and deliverables.
  - Innovative with attention to detail.
  - Self-motivated and performance driven with positive and constructive interaction with direct and indirect staff members within the Bank.
  - Knowledgeable in IT Risk Governance.
- Ideal
- Excellent written and verbal communication skills.
- Computer literate, with intermediate-level Word, Excel and PowerPoint processing skills.
- Analytical and problem-solving skills.
- IT and Business acumen.
- Inter-personal and other qualities such as:
  - Self-starter who takes initiative.
  - Continuous improvement of day-to-day tasks and deliverables.
  - Innovative with attention to detail.
  - Self-motivated and performance driven with positive and constructive interaction with direct and indirect staff members within the Bank.
  - Knowledgeable in all areas of IT Risk Governance.
  - Strong understanding of South African Reserve Bank (SARB) Directives and Guidance Notes relating to IT Risk and Cyber Security.
- Strong understanding of regulations relating to IT Risk.
- WORKING CONDITIONS (office bound/on-site/travel)
- Sandton Corporate Office with the ability to work from home with ad-hoc travel when required.
Desired Skills:
- IT Risk
- Management
- Governance