Summary

• Provide independent and objective end-to-end Resilience Risk oversight in line with the Enterprise Risk Management Framework (ERMF), Operational & Resilience Risk Framework (ORRMF) together with its various supporting policies and standards.
• Ensure that all activities and duties are carried out in full compliance with regulatory requirements, Absa Operational & Resilience Risk Framework and internal Absa Policies and Policy Standards
• Understand and manage risks and risk events (incidents) relevant to the role.
• Enable management to monitor the effectiveness of the control environment and act towards mitigation of resilience risk where required.
• Support an effective risk culture, where there is an open, proactive, and constructive dialogue relating to Resilience Risk.

Job Description

Key Accountabilities

Advice, support and practice formulation: - (30%)

• Provide specialist advise and support to safeguard information systems and associated assets through the identification and management of security risks. Identify, diagnose and recommend improvements and provide specialist advice and support to ensure that solutions are appropriate and effective. Use practical knowledge and theoretical guidelines, to diagnose area of specialisation problems and generate workable solutions. Perform security audits and clean-ups to ensure accurate and up to date access within the organisation.
• Perform, advise and provide information on risk management impacts and mitigate risk in respect of system and application access. Analyse IT related access report/s to identify discrepancies and anomalies and recommend remedial action. Provide specialist advice and support in defining standard operating procedures (SOP's). Conduct research and gather data to provide input to operational reporting and decision-making processes. Provide specialist advice to plan for value-added process improvements, initiatives and services to deliver on operational objectives. Provide expertise to identify and develop solutions to improve quality of processes and services.

Reporting (30%)

• Assess, challenge and monitor and prepare high quality, relevant and insightful reporting for risk committees in ITO and Group wide. Include audit delivery, issue validations, business monitoring insights and key MI relating to open/overdue/reopened audit issues etc, drivers for our Control Environment and Management Control Approach assessments, emerging/watching brief risks. Ensure data integrity and factual accuracy of report prior to submission for review.
• Review and check and challenge first and second line of defense reporting on the control environment and management control approach.
• Strong collaboration with the Centers of Excellence (CoE) counterparts to derive insights for impactful reporting.

Assurance Planning (20%)

• Actively participate and provide high quality, relevant and impactful audits for ITO in the annual combined assurance planning process. Manage and facilitate the planning deliverables and interlocks with the wider risk and technology functions.
• Report progress on Combined Assurance testing performed, closely monitor ITO combined assurance strategy/progress, and actively participate in the combined assurance and risk forums.

Leadership: - (10%)

• Provide thought leadership and input into the strategy for the Information Technology Office (ITO) and Risk Team.
• Actively play a senior role in the ITO Management Committees and develop and maintain relationships with key stakeholders during audits, assurance reviews and business monitoring activities. Present effectively at stakeholder meetings and forums to share knowledge and information including methodology, standards, changes and new developments with business stakeholders on an ongoing basis.
• Engage proactively with the wider Assurance colleagues and request technical assistance where required from the Centers of Excellence during assurance, business monitoring, reporting, planning etc.
• Mentor and coach less experienced team members by providing guidance around the methodology, assurance process and the information security and cyber landscape.

Knowledge Management (10%)

• Improve technical knowledge and ongoing learning, specific training including mandatory continuous Professional Education requirements.
• Share knowledge in area of responsibility with the team to ensure that audit activities are planned effectively and completed in line with quality standards and audit methodology.
• Present effectively at stakeholder meetings and forums (e.g. Risk and Governance Forums etc.) by sharing knowledge and information, including methodology, standards, changes and new developments, with business stakeholders on an ongoing basis.
• Working with colleagues in Business Units to provide requisite expertise in key areas where specific specialist knowledge is required to deliver appropriate, value-added assurance.

Qualifications

• Bachelor`s Degree in Information Technology
• Added Advantage: Advanced Diploma or Diploma in relevant professional qualification (IT, Information Security, technology risk etc)

Skills & Competencies:  

• In-depth understanding of Absa Group and the Absa Africa strategy, operating structure and interfaces with other functions in ambiguous/dynamic environment
• An understanding of the external economic, political, legal and regulatory environment and its internal impacts in the regional and country
• Business management
• Risk Management
• Communication/Influencing skills
• Stakeholder/customer relationship management
• Leadership and people management skills
• Strong data and Digital & Technology experience
• Strong Communication/Influencing skills and managing multiple stakeholders and customer relationships
• Strong influencing and negotiation skills
• Strong Leadership and team-working skills at senior level
• Ability to think creatively and identify innovative solutions

Experience

• Minimum 5 years work experience
• Awareness of cultural differences and varying legal/regulatory environments.