Job Purpose:
To conduct objective, fact-based risk assessments on existing and new technologies and communicate the findings to stakeholders within the information system, further supporting the achievement of business objectives by providing reasonable assurance regarding the achievement of the bank objectives.
Main Responsibilities:
-
- Coordinate with the IT team to ensure proper escalation of all significant risks through weekly and monthly reports in line with Bank Risk Policies.
- Develop a framework for regular discussions with the IT team to ensure that risks and opportunities are well understood and in line with IT standards, procedures, policies, and the bank’s risk appetite including KRIs.
- Review and report on the adequacy of the Bank’s information security or cyber security strategy, business continuity strategy, disaster recovery plans, information security policies, and related procedures to ensure it effectively supports the business.
- To maintain from time to time an updated risk control self-assessment of all identified risks, which is continually updated to track new risks introduced by changes in the business environment.
- To determine the likelihood of the risk occurrence as well as the consequence or impact of the identified risk to enable management to understand its risk liabilities and the extent of controls to be implemented to mitigate them.
- To stay abreast of information security issues and regulatory changes affecting Banks.
- Support information risk management in ensuring Bank security policies and controls are effectively developed, implemented, and regularly maintained so as to mitigate IT risks.
- Proactively looking at IT risk factors prior to business decisions to ensure the risks are identified and appropriate measures are put in place to mitigate the risks within IT risk appetite using appropriate metrics and other key risk indicators.
- To report to Management through a risk assessment report, the newly identified risks, any outstanding IT audit issues, and any other control weaknesses, and recommended controls to mitigate residual risks.
Educational qualifications and work experience:
- Bachelor’s degree in IT
- Professional Qualification: CISSP (Certified Information Systems Security Professional), CRISC (Certified in Risk and Information Systems Control) Cyber security-related certificate, any other IT certificate.
- 1 year of experience in general banking operations.
- 2 years of experience in Information Technology