Cluster Head IT Risk at Nedbank

Job Purpose

• To provide ongoing Information Technology risk management support, guidance, identification, monitoring, and assurance reviews across the Nedbank Wealth cluster in line with the Group's risk management frameworks (ORMF and ITRMF), policies, standards, and procedures through collaboration with risk managers across Nedbank Wealth, Group Risk and Group Technology.  To ensure that there is continuous and effective reporting and escalation of IT risks (including the emergence of digital risks from the adoption of emerging / new technologies) to the relevant governance structures.  To collaborate with stakeholders across Nedbank Wealth, including the subsidiaries in other jurisdictions, to comply with regulatory requirements and ensure alignment to international best IT practices. 

Job Responsibilities

• Deliver on the Cluster IT Risk Management strategies with the key focus on the Cluster's digital strategy, new emerging Digital / IT Risks and whether the business is changing safely. 
• Oversee and monitor the implementation of the ITRMF. 
• Keep abreast of IT and IT risk developments externally and influence internal frameworks and policies as requested. 
• Develop, maintain and monitor the IT Risk profile as well as the Tier 3 IT Risk Appetite for Nedbank Wealth. 
• Provie input into, and advice on the alignment between regulatory capital (related to IT systems) and Nedbank Wealth's IT risk profile and IT risk appetite. 
• Assist in ensuring compliance with regulatory requirements related to IT risk viz reporting of material IT and Cyber incidents as well as the notification of material cloud computing and/or offshoring of data arrangements.
• Provide input into the enhancement of the ITRMF in alignment with the Group Operational Risk Management Framework (ORMF) methodologies, policies, processes and provide guidance to address operational and IT (strategic) risk challenges in Nedbank and its subsidiaries. 
• Proactively identify and anticipate IT risks (including emerging risks)
• Monitor, analyse, report and escalate major IT risks events/losses, control breakdowns and collaborate with the relevant stakeholders to ascertain root cause and remedial actions. 
• Work with relevant operational, information security, legal, regulatory, organisational resilience, fraud, information, and physical security risk specialists to ensure comprehensive identification of all key IT risks. 
• Assist business to identify IT risks inherent in key business processes, new products, business projects and key outsourced arrangements and critical third-party service providers. 
• Develop and maintain IT Risk (2A) monitoring plans with focus on monitoring key controls based on key IT risks, identified IT risks themes, management needs and agreed coordinated assurance areas of focus. 
• Ensure that the outcomes of monitoring activities are reported to management and governance committees to enhance IT risk and control environment. 
• Prepare clear and concise IT risk reports to the appropriate governance committees across both Nedbank Wealth and Group, as required. 
• Develop and maintain partnerships with key stakeholders to facilitate accomplishments of IT risk objectives.
• Identify opportunities to influence the improvement or enhancement of business processes and methodologies in adopting emerging technologies and the IT risk management practices. 
• Contribute to a culture conducive to the achievement of transformation goals by participating in Nedbank culture building initiatives. 
• Contribute to continuous learning and building expertise across Nedbank Wealth. 

Essential Qualifications - NQF Level

• Advanced Diplomas/National 1st Degrees
• Matric / Grade 12 / National Senior Certificate

Preferred Qualification

• Postgraduate degree (e.g., BCom / BSc) in Risk / Audit and/or Information Technology) and other Postgraduate Qualification in Management and / or Business. 

Essential Certifications

• Member of Institute of Risk Management of South Africa and/or Compliance Institute of South Africa
• Preferred Certifications
• CRISC, CGEIT, COBIT, ITIL, Agile, Cyber Foundation, IRMSA, etc.

Minimum Experience Level

• 5 years plus experience in an IT Risk related role. 
• 5 - 8 years within a Financial Institution
• 2 years managerial experience. 

Technical / Professional Knowledge

• Banking knowledge
• Business Acumen
• Data analysis
• Governance, Risk and Controls
• Industry trends
• Principles of project management
• Relevant regulatory knowledge
• Business writing skills