Bring your possibility to life! Define your career with us
With over 100 years of rich history and strongly positioned as a local bank with regional and international expertise, a career with our family offers the opportunity to be part of this exciting growth journey, to reset our future and shape our destiny as a proudly African group.
Job Summary
The purpose of the role is to Ensure that all activities for the centre of competence and duties assigned are carried out in full compliance with regulatory requirements, enterprise-wide risk management and governance, management frameworks (and other applicable guidelines), internal policies and standards
Job Description
Understand the business value chain and leverage from all sub-functions and activities Stay abreast of market, tools, methodology, practice changes and act as an advisor to guide business in managing the applicable risks exposures (R&D) Be responsible for the designing of group-aligned and integrated risk governance, insights & reporting in terms of third-party exposure Provide advisory (including insights) support on the business units’ processes relating to third party management in terms of the relevant risk types Consult all available enterprise frameworks to shape and inform the PPSG’s (Procedures, Policies, Standards and Guidelines) to be adapted by the COE as they relate to the management of third-party Be the support to all Business Heads, Executives and Line Management with required governance, control, monitored reporting, in terms of the relevant risk types
SME must also act as an advisor, consultant, and coordinator by:
Understanding business processes, business models, relevant risk impacts as well as the key drivers and risks associated. Identifying potential risks using data, dashboards, and/or other metric by analyzing risk information. Provide advice and recommendations regarding any emerging risks, trends, and early detection of issues for the relevant risk types Employing their capacity and tools to be innovative while recognizing and respecting the need to be prudent in (amend as per other risk types) risk management. Promoting the protection of the Bank and its customers’ interest Supporting an effective risk culture, where there is an open, proactive, and constructive dialogue in the management of the relevant risk types Enabling management to monitor the effectiveness of the control environment and to take action to prevent, mitigate and remediate the relevant risk types, where required.
Training and Communication
Provide relevant coaching, guidance and training on the implementation and maintenance of the enterprise-wide relevant risk types and business components such as Critical Process Assessments (CPAs), Key Indicators (KIs), Events, Strategic Risk Assessments, and capital drivers. Provide guidance and approach toward the assessment of the level of compliance for the relevant risk frameworks and policies adapted. Manage, facilitate, and participate in the relevant working groups, committees, and combined assurance forums, in conjunction with the Department Head Educate business on the appropriate proactive remediation of any identified assessments and vulnerabilities. Review and understand existing and new PPSG’s (Procedures, Policies, Standards and Guidelines) and analyze for potential impact and incorporation. Provide input in the drafting of new PPSG’s. Be responsible for the overall design, development, testing and coordination of the overarching detailed design of solutions Ensure business and - collaboration by ensuring services meet both business and relevant risk type requirements. (To be broken down per category) Provide consultation on the automated business services and applications Be responsible for the alignment of business and relevant risk type priorities and should review all business linkages and alignment to methodologies for best practice adaptations for the organization Provide consultation on the ownership/accountability of services, especially for those services that cross the line of business boundaries Ensure that services are tested and working accordingly and report any malfunction/ service outages to business
Leadership and Stakeholder Management
Engage and coordinate internal stakeholders across various business areas and functions across the group and external stakeholders (e.g., regulators and other third parties) Provide strong leadership (of self), direction and display role model behaviors, inspiring others to work together to achieve the strategic vision. Build effective working relationships with key stakeholders and information flows across the business units, risk functions and the various entities Assist the business on execution of strategy by providing advice on risk/control and challenge decisions that pose risk. Advise leadership on emerging global third-party risk trends and advise accordingly Support and influence the organization in improving the third-party risk management through digitization, automation, standardization, and simplification
Third-Party Risk Management and Governance
Advise on risk decisions and escalate risk decisions to the relevant Head. (If required) Assess the relevance and performance of the third-party risk indicators and thresholds as defined in the monitoring tools and methodologies, leveraging on the business risk appetite or materiality thresholds Partner with the second line of defense (business units) to provide guidance on issue/action documentation, tracking, escalation, and remediation of. Investigate third-party matters affecting the relevant business risk profile, which may pose an undue risk. Oversee deep dive and lessons learnt exercises for material risks, including the review, challenges, and tracking/escalation of findings. Review major remediation plans for adequacy, completeness, and progress. Escalate any unresolved concerns directly to the Business Heads Ensure that third-party processes, control requirements and governance frameworks that impact the relevant risk types are documented and understood by all members of the team. Create and maintain a central communication portal (knowledge base) for the COE to ensure knowledge content is up to date and relevant.
Project and Change Management
Promote the sharing of information across the various business units and functions through working group collaborations and other means Participate in or lead related change or improvement projects from design through to deployment, including such aspects as resource, plan and issues and risk management. Establish an operating model and manage the relationship with the Business/ third party teams by acting as the primary point of contact, regarding day-to-day management of the services provided and issues experienced by the business and ensure that agreed standards are met, escalating issues where required
Education And Experience
B-degree or relevant qualification
Minimum 4 Years relevant experience in one or more of the relevant risk type domains (Information Security & Cyber, Data & Records Management, Business Continuity Management, Third party Management)
Any relevant IT resilience and third-party certification will be an advantage
Domain expertise
Data and Records Management
Business Continuity
Third party risk management
Risk management
Knowledge of cyber security governance and general security in computing
Required Knowledge & Skills
Knowledge of banking environment
Knowledge of the cyber risk environment
Knowledge of computer networks and databases
General knowledge of legal and ethical issues in information security
General knowledge in Procurement and/or Vendor Management
PmBOK, PRINCE II, CyBOK
Cyber security frameworks (ISO27001, CIS controls, NIST)
Applicable cyber security laws and regulations
Business acumen:
Proactive
Relationship building and networking
Persuading and influencing
Presenting and communicating
Applying expertise and technology
Analysis
Change agent
Track record of delivery using structure methodology and tools
Education
Bachelor`s Degrees and Advanced Diplomas: Business, Commerce and Management Studies (Required)
Absa Bank Limited is an equal opportunity, affirmative action employer. In compliance with the Employment Equity Act 55 of 1998, preference will be given to suitable candidates from designated groups whose appointments will contribute towards achievement of equitable demographic representation of our workforce profile and add to the diversity of the Bank.
Absa Bank Limited reserves the right not to make an appointment to the post as advertised