Head: Responsible Sourcing - Third-Party Centre of Excellence
  • South Africa Johannesburg
  • Absa Group
1 year before
31.12.2023
Oversee and Govern
Cybersecurity Management
Job Description

Bring your possibility to life! Define your career with us

With over 100 years of rich history and strongly positioned as a local bank with regional and international expertise, a career with our family offers the opportunity to be part of this exciting growth journey, to reset our future and shape our destiny as a proudly African group.

Job Summary

To support the Chief Procurement Officer and develop a functional all encompassing Third-Party Risk capability, framework, strategy and operating model in a broadly defined group functional strategy; enabling horizontal implementation and adoption. Provide oversight on the standards, processes, and governance in the third-party resilience risks (e.g. Technology, Information Security and Cyber, Data and Records Management, Business Continuity Management and Change management domains). Ensure that all activities for the centre of excellence and duties assigned are carried out in full compliance with regulatory requirements, enterprise-wide risk management and governance management frameworks (and other applicable guidelines), internal policies and standards.

Ensure that all activities for the centre of competence and duties assigned are carried out in full compliance with regulatory requirements, enterprise-wide risk management and governance management frameworks (and other applicable guidelines), internal policies and standards

Job Description

Ownership of the COE target operating model, and all incumbents related to it (i.e., COE engagement, change management, constitution)
To be the functional leader and get results through complete functional synergy, building flexibility & effectiveness of the whole function, and collaborating with supporting areas to achieve the desired results
Understand the relevant third party type value chain and leverage from all sub-functions and risk activities
To be ‘future-oriented’ through functional and industry best practice strategies and methodologies in getting "tomorrow's results" by addressing current issues
Stay abreast of market, tools, methodology, practice changes and act as an advisor to guide business and the COE in managing the applicable risks exposures (R&D)
Lead the support of Business Heads, Executives and Line Management with required governance, control, monitored reporting, in terms of the relevant risk types
Manage other and self

The Head will be required to:

Understand business processes, business models, relevant value chains, its risk impact as well as key drivers associated.
Develop and promotes a risk-smart workforce and environment.
Deploy capacity and tools to be innovative while recognizing and respecting the need to be prudent in risk management
Promote the protection of the Bank and its customers’ interest
Supports an effective risk culture, where there is an open, proactive, and constructive dialogue in the management of the relevant risk types
Enable the team and management to monitor the effectiveness of the control environment and to take action to prevent, mitigate and remediate the relevant risk types.

COE Head: Key Accountabilities and Responsibilities

Leadership and Stakeholder Management

Provide strong leadership (of others), by providing direction and displaying role model behaviors, inspiring others to work together to achieve the strategic vision
Build effective working relationships with key stakeholders and information flows across the business units, risk functions and the various entities
Advise leadership on emerging global third-party risk trends and advise accordingly
Created and manage performance development (PD) plans and participate in the year-end feedback process
Input into compensation structures, objectives, and performance management of employees where appropriate.
Support and lead the organization in improving third-party risk management through digitization, automation, standardization, and simplification
Deal with any escalations brought to their attention

Third-Party Risk Management and COE Governance

Be an advisor on risk decisions and escalate risk decisions to the relevant Head for attention
Be involved in the oversight deep dive and lessons learnt exercises for material risks, including the review, challenges, and tracking/escalation of findings.
Ensure that third-party processes, control requirements and governance frameworks that impact the relevant risk types are documented and understood by all members of the team.
Enable the creation and maintenance of a central communication portal (knowledge base) for the COE to ensure knowledge content is up to date and relevant
Define the SLA’s that will speak to the target operating model
Assess and verify the level of compliance for the relevant risk frameworks and policies adapted
Maintain and review the funding of the COE’s operations

Training and Communication

Provide a clear direction on the governance & reporting of the COE, as well as the strategic plan, and key focus areas.
Provide a clear maturity model to measure the success and growth of the COE, as well as its capabilities
Provide relevant coaching, guidance and training on the implementation and maintenance of the enterprise-wide relevant risk types and business components such as Critical Process Assessments (CPAs), Key Indicators (KIs), Events, Strategic Risk Assessments, and capital drivers.
Manage, facilitate, and participate in the relevant working groups, committees, and combined assurance forums, in conjunction with the Department Heads
Promote the sharing of information across the various business units and functions through working group collaborations and other means. (Change management)
Educate business on the appropriate proactive remediation of any identified assessments and vulnerabilities.
Establish an operating model and manage the relationship with the Business/ third party teams by acting as the primary point of contact, regarding day-to-day management of the services provided and issues experienced by the business and ensure that agreed standards are met, escalating issues where required
Review and understand existing and new PPSG’s (Procedures, Policies, Standards and Guidelines) and analyze for potential impact and incorporation.
Provide input in the drafting of new PPSG’s.

Behavioural Competencies

Personal accountability
Independent in practice and in thought
Analytical: Able to understand business model, strategy, process, products and systems, and influence change.
Confident to responsibly challenge data, facts, or trends
Ability to manage conflicts
Good interpersonal skills and ability to interact at all levels
Leverages understanding of customers / consumers / suppliers / stakeholders to inform business decision
Influential (Able to influence outcomes and strategy decisions at the highest level)
Clear communicator, verbally and in writing

Education And Experience

B-degree or relevant qualification
Management
Minimum 4 Years relevant experience in one or more of the relevant risk type domains (Information Security & Cyber, Data & Records Management, Business Continuity Management, Third party Management)
Any relevant IT resilience and third-party certification will be an advantage

Domain expertise

Data and Records Management
Business Continuity
Third party risk management
Risk management
Knowledge of cyber security governance and general security in computing

Required Knowledge & Skills

Knowledge of banking environment
Knowledge of the cyber risk environment
Knowledge of computer networks and databases
General knowledge of legal and ethical issues in information security
General knowledge in Procurement and/or Vendor Management
PmBOK, PRINCE II, CyBOK
Cyber security frameworks (ISO27001, CIS controls, NIST)
Applicable cyber security laws and regulations

Business acumen:

Proactive
Relationship building and networking
Persuading and influencing
Presenting and communicating
Applying expertise and technology
Analysis
Change agent
Track record of delivery using structure methodology and tools

Education

Bachelor`s Degrees and Advanced Diplomas: Business, Commerce and Management Studies (Required)

Absa Bank Limited is an equal opportunity, affirmative action employer. In compliance with the Employment Equity Act 55 of 1998, preference will be given to suitable candidates from designated groups whose appointments will contribute towards achievement of equitable demographic representation of our workforce profile and add to the diversity of the Bank.

Absa Bank Limited reserves the right not to make an appointment to the post as advertised

Quick response
Required Knowledge
  • K0001   Knowledge of computer networking concepts and protocols, and network security methodologies.
  • K0002   Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
  • K0004   Knowledge of cybersecurity and privacy principles.
  • K0026   Knowledge of business continuity and disaster recovery continuity of operations plans.
  • K0038   Knowledge of cybersecurity and privacy principles used to manage risks related to the use, processing, storage, and transmission of information or data.
  • K0043   Knowledge of industry-standard and organizationally accepted analysis principles and methods.
  • K0048   Knowledge of Risk Management Framework (RMF) requirements.
  • K0126   Knowledge of Supply Chain Risk Management Practices (NIST SP 800-161)
  • K0149   Knowledge of organization's risk tolerance and/or risk management approach.
  • K0169   Knowledge of information technology (IT) supply chain security and supply chain risk management policies, requirements, and procedures.
Required Skills
  • S0018   Skill in creating policies that reflect system security objectives.
  • S0027   Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.
  • S0086   Skill in evaluating the trustworthiness of the supplier and/or product.
Required Abilities
  • A0161  Ability to integrate information security requirements into the acquisition process; using applicable baseline security controls as one of the sources for security requirements; ensuring a robust software quality control process; and establishing multiple sources (e.g., delivery routes, for critical system elements).
  • A0165  Ability to manage Communications Security (COMSEC) material accounting, control and use procedure.
  • A0167  Ability to recognize the importance of auditing Communications Security (COMSEC) material and accounts.
  • A0177  Ability to recognize the unique aspects of the Communications Security (COMSEC) environment and hierarchy.