Head: IT Risk at FNB South Africa

Role Purpose

• Provide oversight in the monitoring and implementation of IT risk management programme across the Business Unit to support the business in achieving its strategies in accordance with FNB IT risk governance requirements. 

Responsibility

• Provide guidance and oversight to the BU in driving appropriate Risk Management strategies to ensure operational losses are in line with approved risk appetites and risk thresholds.
• Drive the implementation of functional risk programmes and practices within agreed budgets and cost parameters.
• Embed a culture of consciousness and transparency for risk management and ensure the nature and size of IT risks is well understood and owned at the right levels.
• Cultivate and manage objective working relationships with a variety of stakeholders including the business and the CIOs while maintaining his/her independence.
• Maintenance of expert knowledge on relevant legislative amendments, industry best practices and provision of proactive advice and solutions to relevant stakeholders.
• Interpret, adapt and drive implementation of the FRG/FNB IT risk framework to align to business specific requirements.
• Ensure that IT Risk governance across the BU is fully functional and in accordance with FNB governance (IT, business) and Risk requirements.
• Proactively manage the BU IT risk profile in line with FNB risk appetite.
• Develop and implement BU-wide IT Risk management strategy and plan taking into consideration key IT risks and issues prevalent across the business.
• Implement and maintain sound IT Risk processes and controls to ensure IT services are delivered in a risk enabled environment.
• Provide oversight and guidance to the BU in the assessment and identification of potential risks within the IT environment and across key business activities to ensure compliance with governance in terms of legislative, audit, business policy requirements, and approved tolerance thresholds.
• Advice and provide support to business in putting plans in place to mitigate identified IT risks and issues as well as to improve identified control weaknesses in a cost effective and

Additional Requirements

• Information Technology and/or IT Risk Management degree or related with requisite experience.
• Strong Information Governance experience and understanding of multiple data domains
• Certification in any of the following will be an advantage: CRISC, CISA, CISSP, CISM, CIA· Minimum of 8-10 years experience with relevant IT, risk, auditing, governance and compliance experience.
• Knowledge of business continuity and IT disaster recovery management.
• Understand the software development cycle.
• Proficiency in IT management, IT governance, IT architecture, risk management and business resilience good practice including, but not limited to Cobit X, ISO standards, COSO Standards and other relevant.