Senior Manager: Operational and Resilience Risk - Third-Party Risk Centre of Excellence
  • South Africa Johannesburg
  • Absa Group
31.12.2023
Oversee and Govern
Cybersecurity Management
Job Description

Bring your possibility to life! Define your career with us

With over 100 years of rich history and strongly positioned as a local bank with regional and international expertise, a career with our family offers the opportunity to be part of this exciting growth journey, to reset our future and shape our destiny as a proudly African group.

Job Summary

The purpose of the role is to ensure that all activities for the centre of competence and duties assigned are carried out in full compliance with regulatory requirements, enterprise-wide risk management and governance, management frameworks (and other applicable guidelines), internal policies and standards.

Job Description

  • Understand the business value chain and leverage from all sub-functions and activities
  • Stay abreast of market, tools, methodology, practice changes and act as an advisor to guide business in managing the applicable risk exposures (R&D)
  • Be responsible for the designing of group-aligned and integrated risk governance, insights & reporting in terms of third-party exposure
  • Provide advisory (including insights) support on the business units’ processes relating to third party management in terms of the relevant risk types
  • Consult all available enterprise frameworks to shape and inform the PPSGs (Procedures, Policies, Standards and Guidelines) to be adapted by the COE as they relate to the management of third-party
  • Be the support to all Business Heads, Executives and Line Management with required governance, control, monitored reporting, in terms of the relevant risk types

SME must also act as an advisor, consultant, and coordinator by:

  • Understanding business processes, business models, relevant risk impacts as well as the key drivers and risks associated.
  • Identifying potential risks using data, dashboards, and/or other metrics by analyzing risk information.
  • Provide advice and recommendations regarding any emerging risks, trends, and early detection of issues for the relevant risk types
  • Employing their capacity and tools to be innovative while recognizing and respecting the need to be prudent in (amend as per other risk types) risk management.
  • Promoting the protection of the Bank and its customers’ interest
  • Supporting an effective risk culture, where there is an open, proactive, and constructive dialogue in the management of the relevant risk types
  • Enabling management to monitor the effectiveness of the control environment and to take action to prevent, mitigate and remediate the relevant risk types, where required.

Training and Communication

  • Provide relevant coaching, guidance and training on the implementation and maintenance of the enterprise-wide relevant risk types and business components such as Critical Process Assessments (CPAs), Key Indicators (KIs), Events, Strategic Risk Assessments, and capital drivers.
  • Provide guidance and approach toward the assessment of the level of compliance for the relevant risk frameworks and policies adapted.
  • Manage, facilitate, and participate in the relevant working groups, committees, and combined assurance forums, in conjunction with the Department Head
  • Educate business on the appropriate proactive remediation of any identified assessments and vulnerabilities.
  • Review and understand existing and new PPSGs (Procedures, Policies, Standards and Guidelines) and analyze for potential impact and incorporation.
  • Provide input in the drafting of new PPSGs.
  • Be responsible for the overall design, development, testing and coordination of the overarching detailed design of solutions
  • Ensure business and - collaboration by ensuring services meet both business and relevant risk type requirements. (To be broken down per category)
  • Provide consultation on the automated business services and applications
  • Be responsible for the alignment of business and relevant risk type priorities and should review all business linkages and alignment to methodologies for best practice adaptations for the organization
  • Provide consultation on the ownership/accountability of services, especially for those services that cross the line of business boundaries
  • Ensure that services are tested and working accordingly and report any malfunction/service outages to business

Leadership and Stakeholder Management

  • Engage and coordinate internal stakeholders across various business areas and functions across the group and external stakeholders (e.g., regulators and other third parties)
  • Provide strong leadership (of self), direction and display role model behaviors, inspiring others to work together to achieve the strategic vision.
  • Build effective working relationships with key stakeholders and information flows across the business units, risk functions and the various entities
  • Assist the business on execution of strategy by providing advice on risk/control and challenge decisions that pose risk.
  • Advise leadership on emerging global third-party risk trends and advise accordingly
  • Support and influence the organization in improving the third-party risk management through digitization, automation, standardization, and simplification

Third-Party Risk Management and Governance

  • Advise on risk decisions and escalate risk decisions to the relevant Head (if required).
  • Assess the relevance and performance of the third-party risk indicators and thresholds as defined in the monitoring tools and methodologies, leveraging on the business risk appetite or materiality thresholds
  • Partner with the second line of defense (business units) to provide guidance on issue/action documentation, tracking, escalation, and remediation of.
  • Investigate third-party matters affecting the relevant business risk profile, which may pose an undue risk.
  • Oversee deep dive and lessons learnt exercises for material risks, including the review, challenges, and tracking/escalation of findings.
  • Review major remediation plans for adequacy, completeness, and progress.
  • Escalate any unresolved concerns directly to the Business Heads
  • Ensure that third-party processes, control requirements and governance frameworks that impact the relevant risk types are documented and understood by all members of the team.
  • Create and maintain a central communication portal (knowledge base) for the COE to ensure knowledge content is up to date and relevant.

Project and Change Management

  • Promote the sharing of information across the various business units and functions through working group collaborations and other means
  • Participate in or lead related change or improvement projects from design through to deployment, including such aspects as resource, plan and issues and risk management.
  • Establish an operating model and manage the relationship with the Business/third party teams by acting as the primary point of contact, regarding day-to-day management of the services provided and issues experienced by the business and ensure that agreed standards are met, escalating issues where required

Education And Experience

B-degree or relevant qualification
Minimum 4 Years relevant experience in one or more of the relevant risk type domains (Information Security & Cyber, Data & Records Management, Business Continuity Management, Third party Management)
Any relevant IT resilience and third-party certification will be an advantage

Domain expertise

Data and Records Management
Business Continuity
Third party risk management
Risk management
Knowledge of cyber security governance and general security in computing

Required Knowledge & Skills

Knowledge of banking environment
Knowledge of the cyber risk environment
Knowledge of computer networks and databases
General knowledge of legal and ethical issues in information security
General knowledge in Procurement and/or Vendor Management
PMBOK, PRINCE2, CyBOK
Cyber security frameworks (ISO27001, CIS controls, NIST)
Applicable cyber security laws and regulations

Business acumen:

Proactive
Relationship building and networking
Persuading and influencing
Presenting and communicating
Applying expertise and technology
Analysis
Change agent
Track record of delivery using structured methodology and tools

Education

Bachelor's Degrees and Advanced Diplomas: Business, Commerce and Management Studies (Required)

Absa Bank Limited is an equal opportunity, affirmative action employer. In compliance with the Employment Equity Act 55 of 1998, preference will be given to suitable candidates from designated groups whose appointments will contribute towards achievement of equitable demographic representation of our workforce profile and add to the diversity of the Bank.

Absa Bank Limited reserves the right not to make an appointment to the post as advertised.



Required Knowledge
  • K0001   Knowledge of computer networking concepts and protocols, and network security methodologies.
  • K0002   Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
  • K0004   Knowledge of cybersecurity and privacy principles.
  • K0026   Knowledge of business continuity and disaster recovery continuity of operations plans.
  • K0038   Knowledge of cybersecurity and privacy principles used to manage risks related to the use, processing, storage, and transmission of information or data.
  • K0043   Knowledge of industry-standard and organizationally accepted analysis principles and methods.
  • K0048   Knowledge of Risk Management Framework (RMF) requirements.
  • K0126   Knowledge of Supply Chain Risk Management Practices (NIST SP 800-161)
  • K0149   Knowledge of organization's risk tolerance and/or risk management approach.
  • K0169   Knowledge of information technology (IT) supply chain security and supply chain risk management policies, requirements, and procedures.

Required Skills
  • S0018   Skill in creating policies that reflect system security objectives.
  • S0027   Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.
  • S0086   Skill in evaluating the trustworthiness of the supplier and/or product.

Required Abilities
  • A0161  Ability to integrate information security requirements into the acquisition process; using applicable baseline security controls as one of the sources for security requirements; ensuring a robust software quality control process; and establishing multiple sources (e.g., delivery routes, for critical system elements).
  • A0165  Ability to manage Communications Security (COMSEC) material accounting, control and use procedure.
  • A0167  Ability to recognize the importance of auditing Communications Security (COMSEC) material and accounts.
  • A0177  Ability to recognize the unique aspects of the Communications Security (COMSEC) environment and hierarchy.