Job Purpose
To provide, manage and implement Information Risk management in a financial/banking business environment. To act as a trusted Information risk management business partner that equips business with the mechanisms to identify, mitigate and treat information risks.
Key Responsibilities/Accountabilities
- To pro-actively manage information risks/threats to the business
- Manage the development, provisioning and successful execution of a proportionate information risk treatment programme (e.g. mitigate, accept, transfer and avoid)
- Develops and maintains strong business and centres of excellence relationships, becoming a trusted partner, as well as building relationships with corporate functions such as Group Internal Audit, Group Compliance, Business Information Risk and Group Information Technology.
- To develop a database for the Risk Management function and assist with data analytics in the department
- Delivers information risk assessments and guides business managers on the appropriate risk control strategies, whilst aligning information risk strategies with business objectives.
- Coordinate information risk self-assessment, risk assessment, analysis, rating and provides control recommendations using the established Information Risk Management framework.
- Provide a holistic view, through comprehensive reporting, of the risks to the bank’s information assets introduced by personnel, processes, technology and external events.
- Supports the ongoing knowledge management and formalization of the risks and threats the bank faces and how we choose to manage them through risk management reporting guidance.
- Manages risks to the bank’s information assets and assists businesses by specifying adequacy of control(s) required and validating the effectiveness of controls implemented in conjunction with business risk appetite.
- Manages and tracks information risk control efforts and escalates to the head of information risk where inadequate mitigation is evident.
- Creates risk metrics and reports, represents these at risk committees and the right management structures, and drives remediation of said risks.
- Effectively communicates with stakeholders to ensure support and commitment for the information risk programme and to prioritize control initiatives and spending based on appropriate risk management.
- Coordinate incident response planning and investigation of information breaches, and assists with disciplinary and legal matters associated with such breaches if necessary
- Initiates, facilitates and promotes activities to create information risk awareness within the organization, including awareness of information risk related regulatory issues that have a potential impact on the environment, in alignment with group-wide awareness activities.
- Coordinates and serves as a facilitator and liaison between the Business lines, Embedded Information Risk and the Group Information Risk Office for the successful remediation of information risks.
- Manages the engagement process of information risk assessments and acts as a liaison with centres of excellence to deliver value to the business
- Advises business personnel regarding the value and methods of safeguarding information.
- Establish cooperative dialogue between Business, Embedded Information Risk, Group Financial Crime Control, Group Information Risk Office and IT Security by visible and consistent action in monthly meetings.
- Reviews the ability of the business to execute against group-wide risk and control mandates.
- Promote a fit for purpose approach to adopting information risk best practices in the Business lines.
- Promote self-compliance with information risk governance standards and policies by closely monitoring and engaging countries on agreed POW.
- Manage, and develop business personnel knowledge to ensure better information protection and management across with the assistance of information risk practitioners through awareness, training and workshops.
- Acts as liaison between Business and various Governance, Control & Risk offices within the bank to create and maintain reporting, problem resolution, and other tasks necessary to continuous improvement and evolution of services.
- Manages relationships with vendors and suppliers to ensure the full information risk value of contracts is realised for the bank.
- Participates in industry education and networking events, maintains relationships with external community and encourages continuous benchmarking of Standard Bank information risk against managing technologies and practices.
- Compile monthly information risk reports for presentation at Business and Risk committees.
- Proactive identification of key themes / initiatives / products and their potential risks across business unit and advising on improved management and mitigation of risks.
Preferred Qualification and Experience
- Bachelor’s degree in Computer Science/Information Technology or Information Risk Management or equivalent
- One or more relevant industry certifications in information security (e.g. CISSP, CRISC) would be an added advantage
Knowledge/Technical Skills/Expertise
- Experience in understanding and deploying risk management frameworks
- Bank IT systems
- Knowledge and understanding of Logical Access Management as it is an integral part of the Information Risk Management Control environment.
- Data analytics experience
Visit the official website and apply.