Bring your possibility to life! Define your career with us
With over 100 years of rich history and strongly positioned as a local bank with regional and international expertise, a career with our family offers the opportunity to be part of this exciting growth journey, to reset our future and shape our destiny as a proudly African group.
Job Summary
Reporting to the Head of Technology Risk and Compliance, the role holder is responsible for ensuring that specific IT risk controls and solutions are applied and that they comply with the Technology Key Risk policy and standards, and consequently meets the businesses requirement and safeguards the Banks reputation.
Job Description
Main Accountabilities:
IT Risk Identification and Control Assessment
Assist in conducting effective local risk assessments to assess all new IT systems or Processes, clearly identifying the risks and issues and the controls and measures required to mitigate those risks / issues.
Review and identify new risks that may be introduced into the business by any proposed change to IT Systems or Processes
Assist in undertaking local 3rd Party Due Diligence for critical IT Vendors and Service Providers
Conduct IT Security Controls Snap checks (CSA)and monitor IT Security activities e.g. application & system controls, physical and logical access security controls, review of disaster recovery and back-up procedures, media storage
Report on the compliance levels and provide comprehensive MI reorting
Follow-up on any IT Security weaknesses identified and put in place effective measures to safeguard the bank’s IT resources, information and reputation.
Plan and take responsibility for the overall IT DR objectives of Kenya Technology
Agree and manage IT DR deliverables with internal and external customers/role players
In liaison with the technical teams, ensure recovery procedures/ processes (SRPs/TRIs) for all systems are documented and readily available
Keep monthly BCE statistics and data to be provided in MI reporting to senior management and stakeholders
Capture/analyse and draft information into meaningful MI reports for senior management, stakeholders, team reporting and presentation purposes
Present findings and conclusions together with recommendations after IT DR tests
To engage collaboratively with BCM stakeholders to ensure appropriate prioritisation of BCM system tiers
Ensure all technology solutions have a working DR before deployment Demand pipeline management.
Guide and govern suppliers for project related activities ensuring they understand and adopt Bank agreed standards and architectures along with adhering to policy and procedures.
To work across all in-Country functions and to act as an interface point between ITSCM and Country BCM team
Key Risk Monitoring
Assist in setting and measuring technology risk thresholds and the related key indicators.
Ensure roles & responsibilities are defined and agreed for metric collation and ownership
Ensure that Key Risk Indicators are monitored by Technology Senior Management, reasons for out of threshold indicators are defined and remediation is actively monitored.
Ensure alignment of KRI position and CSA results
Event Analysis
Review major incidents (severity 1, 2 and 3), identify root cause ito control objectives and ensure consistency with CSA
In conjunction with the Group Key Risk Owner, Operational Risk management and the central Technology Risk team define the loss / risk appetite for the country.
Analyze TKR loss data and conclude on required actions to prevent exceeding loss budget
Ensure that loss events are correctly attributed to TKR where applicable.
Remediation Management
Ensure action owners compile their own closures and define ongoing management controls
Ensure that defined action plans are agreed with the responsible assurance providers and trackers are defined detailing actions, sub actions, deliverables, evidence, control maturity and action owners.
Provide regular status update report to senior management commensurate with item status (at risk, on track, overdue)
Accountability: Reporting
Ensure that all high/medium risk projects in the area are identified and RAG status from a risk perspective is tracked
Ensure that ORIAs are completed, required actions taken and operational risks being migrated into production are defined, understood, accepted (RFNC) and remediation planned for all high/medium risk projects
Ensure that high probability and high impact items on top project risk logs have adequate remedial actions defined.
Be involved in project assurance reviews, as managed by the central project assurance team, where required.
Accountability: People Management
Responsible for driving own Performance Development, collating relevant documentation, preparing for and arranging reviews.
By utilizing skills matrix, identify training and development requirements, formulating own plan to be agreed with team leader.
Responsible for ensuring own plan is completed within agreed timescales.
Undertake all necessary training in order to perform the role to the required standards, including gaining accreditation where appropriate.
Accountability: Control
Ensure that all activities and duties are carried out in full compliance with regulatory requirements, Enterprise Wide Risk Management Framework and internal Absa Policies and Policy Standards.
Understand and manage risks and risk events (incidents) relevant to the role.
Knowledge& Skills: (Maximum of 6)
Stakeholder Management Skills (Advanced)
Analytical Skills (Advanced)
Knowledge of Principles and Practices (Advanced)
Knowledge of project management best practices (Advanced)
Knowledge of banking and IT practices (Solid)
Competencies: (Maximum of 8 competencies)
Deciding and initiating action
Learning and researching
Entrepreneurial and commercial thinking
Relating and networking
Adapting and responding to change
Persuading and influencing
Creating and innovating
Knowledge, Expertise and Experience
B-degree, Commerce or a relevant banking or business degree or an Matric equivalent qualification or High Level diploma
CISA/CRISK/CISM Certification
Degree level education in an analytical subject would be beneficial
4 years’ experience and exposure to the Banking/ ICT Industry
Displaying a thorough understanding of technology strategic issues in the banking or financial services sector
A confident and motivated leader, with proven experience in motivating regional and global teams in a challenging, high pressure environment
Good understanding of ITIL processes and associated concepts.
High degree of commercial awareness with sound understanding of key contractual obligations and risks to maximize benefits
Strong customer liaison and relationship management skills
Excellent communication and presentation experience;
Must be able to work under pressure, take clear ownership of issues and projects and drive to ensure a successful closure for the customer, peers and IT Production;
Financial management – budget preparation and managing to budget;
Working within a Global or Regional role
Familiarity with ITIL-style management procedures and mainstream project management styles a distinct advantage;
Experience of financial services preferred;
Education
Higher Diplomas: Physical, Mathematical, Computer and Life Sciences (Required)
