Job Summary
The Information Systems Risk & Control Lead role exists to proactively manage and strengthen the bank’s technology risk posture within the First Line of Defence (FLOD). The role ensures that information systems are secure, resilient, and compliant with internal policies and regulatory requirements. It supports the bank’s strategic objectives by identifying and mitigating risks across digital platforms, enhancing cybersecurity oversight, and ensuring the integrity and availability of critical systems and data. This position plays a key role in enabling operational continuity, regulatory compliance, and stakeholder confidence in the bank’s technology environment.
The role holder will be responsible for the following:
- Leading and executing risk-based reviews of core banking systems, applications, and infrastructure to identify control gaps and recommend remediation measures.
- Overseeing cybersecurity governance, including monitoring emerging threats, managing privileged access, and supporting the implementation of security frameworks and awareness programs.
- Ensuring data integrity and system reliability by conducting control testing, reviewing system development standards, and assessing infrastructure and backup processes.
- Supporting business continuity through evaluation and testing of disaster recovery plans and resilience strategies across critical systems.
- Leveraging audit tools, data analytics, and artificial intelligence to enhance audit coverage, identify emerging risks, and perform targeted investigations.
- Collaborating with Risk, Audit, Compliance, and IT teams to report findings, align on control expectations, and support remediation planning.
- Acting as a key FLOD control partner, ensuring that technology risks are identified, assessed, and managed within business operations.
Job Description
Key Accountabilities
Information Systems Risk Reviews & Control Testing - 30%
- Plan and perform risk-based reviews of information systems across the bank.
- Conduct general and application control reviews for both simple and complex systems, including core banking platforms and supporting applications.
- Test the adequacy and effectiveness of system control measures, ensuring alignment with internal standards and regulatory expectations.
- Review system logs, recertification processes, and system maintenance activities to ensure compliance and detect anomalies.
Cybersecurity/Technology Oversight & Access Governance - 25%
- Act as the cybersecurity/technology champion, advising on emerging threats and vulnerabilities.
- Ensure that access to electronically stored information is secure and that risks are appropriately managed.
- Review and monitor segregation of duties, privileged access management, and identity governance across systems.
- Support the implementation of cybersecurity frameworks, policies, and awareness programs.
Data Integrity & System Assurance - 20%
- Carry out data integrity checks within core banking systems and other critical applications to ensure accuracy and reliability of financial and operational data.
- Review system development standards, operating procedures, programming controls, and network/infrastructure controls.
- Assess backup and disaster recovery processes to ensure business continuity and resilience.
Analytics, Audit Tools & Investigations - 15%
- Make maximum use of Computer-Assisted Audit Tools (CAATs) and Artificial Intelligence to enhance audit coverage and efficiency.
- Use data mining and trend analysis to identify emerging risks and control weaknesses.
- Perform special audits and investigations as requested, including forensic reviews and targeted assessments.
Reporting & Stakeholder Engagement - 10%
- Provide insights and findings to senior management, governance forums, and relevant committees.
- Collaborate with Risk, Audit, Compliance, and IT teams to align on control expectations and remediation plans.
- Support the development of dashboards and reporting tools to track control effectiveness and risk trends.
Education and experience required
- Bachelor’s degree in Information Technology, Computer Science, Information Systems, or a related field.
- Professional certifications such as CISA, CRISC, CISSP, CISM, GRCP or equivalent.
- Postgraduate qualifications such as an MBA or a master’s in Risk Management, Information Security, Information Systems, or any related field are considered an added advantage.
Experience required
- Minimum 7–12 years of experience in technology, IT audit, cybersecurity, or technology risk management.
- At least 3–5 years of experience specifically in a risk-based role, such as IT audit, risk & controls, or compliance, is required.
- Experience in managing and mentoring staff, leading global/virtual teams, or holding senior leadership roles.
- Proven experience in leading risk reviews across complex banking systems.
- Hands-on experience with audit tools, data analytics, and cybersecurity frameworks.
- Experience in regulatory compliance and working with financial sector regulators.
Knowledge & Skills
- Deep understanding of banking systems, IT controls, and cybersecurity principles.
- Knowledge of regulatory requirements (e.g., CBK guidelines, GDPR, NIST, ISO 27001).
- Proficiency in data analytics tools, relevant risk management software/tools and audit software.
- Strong analytical, investigative, and problem-solving skills.
- Excellent reporting and presentation skills.