Senior Risk Manager: IT at Nedbank

Job Purpose

• To develop and monitor the implementation of the Operational Risk Management Framework in Nedbank and its subsidiaries to comply to regulatory requirements and ensure alignment to international best practice.

Job Responsibilities

IT Risk Management

• Develop and implement an end to end risk management strategy and plan for the cluster in respect of the Information Technology, Information Security and Projects portfolios to effectively manage the associated risks and deliver on the full requirements of the Information Technology Risk Management Framework(ITRMF) and Cyber Resilience Risk Management Framework (CRRMF).
• Understand and effectively implement existing frameworks and policies across the cluster e.g. the ITRMF and CRRMF and communicate all compliance standards to business areas.
• Conduct IT risk and control reviews across the cluster to evaluate whether related IT Risks are adequately identified, assessed, measured, monitored, controlled, and mitigated.
• Ensure the establishment and implementation of risk appetites and key risk indicators for IT, information security and project risks. Provide oversight and assurance on the management of IT risks and the IT control environment within relevant business areas (including IT initiatives/ projects/Information security) and report any control gaps identified and the mitigation thereof.

Information Security

• Assist the cluster to improve their information security risk profile through identification, assessment, measurement and monitoring of the cluster’s information security risks
• Actively develop and execute the cyber security program elements and cyber security plans
• Manage the completion of the cyber security risk assessments, ensuring that they are understood, captured int he risk management processes and that appropriate controls are embedded in the day-to-day operations, and remediation of non-compliance is documented and addressed.
• Assist the cluster with identification of critical assets from a confidentiality point of view (“crown jewels”) and feeding that back into the business impact analysis and risk management processes.
• Work with the business to develop processes and procedures to ensure information security policies and standards are integrated.
• Drive compliance to security policies and standards on cluster infrastructure.
• Assist with third party supplier information and supplier cyber security risk assessments and assurance.
• Represent business as a Business Information Security Officer (BISO) and primary interface between the cluster and Chief Information Security Office (CISO).

Project Management

• Identification and prioritization of key cluster IT projects for monitoring
• Identification, assessments and tracking of risks that impact project timelines and deliverables and allocation of risk owners
• Ensure quality of the risk data in the Projects Risk Register and alignment with business RCSAs
• Promote and direct risk management for key cluster projects
• Monitoring project performance and assisting in the mitigation of all IT project risks through project governance structures.

Type of Exposure

• Conducting root cause analysis
• Analysing situations or data
• Developing ways to manage risks
• Managing conflict situations
• Challenging the status quo with a view to improve people's understanding of issues
• Comparing two or more sets of information
• Communicating standards to others
• Conducting gap analysis
• Identifying risk industry trends
• Answering customer questions
• Managing multiple projects
• Preparing and delivering presentation
• Conducting research from multiple sources
• Communicating complex information
• Checking accuracy of reports

Essential Qualifications - NQF Level

• Advanced Diplomas/National 1st Degrees

Preferred Qualification

• Relevant IT qualification - BSc in information systems or BCom degree with specialization in IT, Risk Management, Auditing or equivalent qualification is essential.
• Post graduate IT risk qualification and/or project management.

Minimum Experience Level

• 5 - 8 years’ experience in Risk, Governance and Auditing and/or 8 - 10 years’ experience in banking and/or insurance

Technical / Professional Knowledge

• Communication Strategies
• Data analysis
• Governance, Risk and Controls
• Principles of financial management
• Principles of project management
• Relevant regulatory knowledge
• Research methodology
• Technologies
• Cluster Specific Operational Knowledge
• Relevant system knowledge

Behavioural Competencies

• Adaptability
• Building Partnerships
• Communication
• Decision Making
• Stress Tolerance
• Technical/Professional Knowledge and Skills