To provide specialist advise and support in the generation and provision of reliable business intelligence to support key deliverables and informed decision making, through the execution of predefined objectives as per agreed SOPs.
Function and Business Area Purpose
About Information Risk Management and Data Privacy
Information Risk Management and Data Privacy’s role is “to safeguard the integrity and security of Absa Bank Kenya's data, infrastructure and applications by identifying, managing and leading, either directly or through partnerships, all aspects of Information Risk and Security. IRM & DP integrates processes, people and technology to manage Information Risk and Data Privacy in accordance with the Bank's operating model and risk appetite."
The job holder will be a member of the Kenya Information Risk Management and Data Privacy Teams responsible for implementing the Logical Access Management guidelines across ABK. The primary function of the role is to ensure information is protected effectively and consistently based on its criticality. Ensure that all activities and duties are carried out in full compliance with regulatory requirements, Enterprise Wide Risk Management Framework and internal Absa Policies and Policy Standards. Understand and manage risks and risk events (incidents) relevant to the role.
Controls Agenda: Ensure that all activities and duties are carried out in full compliance with regulatory requirements, Enterprise Wide Risk Management Framework and internal Absa Policies and Policy Standards. Understand and manage risks and risk events (incidents) relevant to the role.
Main accountabilities and approximate time split
- Accountability: 30 %
- Oversee and support Information Risk Management in the following areas:
- Assisting the IRM team with identifying appropriate mandates/role profiles for employees, contractors and vendors.
- Establish and/or support processes for users management (joiners/movers/leavers).
- Support of the BUs in identifying Toxic Combinations and Segregation of Duties in regards to system access.
- Manage Information Security Violations Monitoring processes
- Accountability: 10 %
- Develop and/or maintain local LAM procedures to assist in the embedment of IRM policies.
- Creating awareness through trainings.
- Induction training for all new to bank employees.
- Accountability: 25 %
- Ensure that IRM policies and standards are embedded via performing regular snap checks and other 2nd level checks.
- Review access levels, JML processes and other user provisioning roles.
- Monitor Data management activities providing oversight to the business on data quality
- Accountability: 20%
- Ensure that High critical applications are reviewed from a LAM perspective (access rights & security matrix are in place).
- Support record management across the business
- Accountability: 15%
- Identifying applications gaps in relation to information risk and remediation following agreed actions with the business.
- Partake in new applications roll out to ensure it is complying with LAM policy requirements.
Technical skills / Competencies
Education and Experience Required:
- A degree from a reputable learning institution.
- Professionally Certified (e.g. in CRISC, CISM, CISA) or CISSP or similar certification.
- Accredited in Information Management/Information Sciences of 5 years in Financial Services or related industry.
- 4 years experience, preferably in IT Security and Risk management related role.
- Experience fulfilling a consulting role.
- Proven relationship with executive management and communication skills.
- Extensive Microsoft office skills (Word, Excel, PowerPoint, etc.)
- Reasonable understanding of the principles, practices, and techniques related to Information Risk Management.
- Knowledge and understanding of the implications, to Absa, of the laws and regulations associated with Payment Card Industry, Data Security Services (PCI, DSS).
- Knowledge of wider aspects of risk control, operations and processes.
- Detailed understanding of the Risk assessment processes.
- Experience of a consultancy working style (i.e. used to working collaboratively across the business – essential for undertaking the assessment roles)
- Information Management
- Experience of developing IRM Standards - Basic
- Quality Focus - Competent
- Implementation Management - Competent
- Influencing – Competent
- Information Security - Expert
- Understanding of compliance requirements relating to records retention – Competent
- Experience of developing communication and training strategies – Competent
- Understanding of records management technologies – Competent
- Planning and organization – Competent
- Problem solving – Competent
- Detailed understanding of the principles, practices, and techniques related to Information Risk Management.
- Technical Security background and experience of working on application developments
- A good understanding of the issues faced with outsourcing to external vendors and experience of conducting vendor assessments.
- Ability to influence senior management in relation to important Risk decisions.
- Proven leadership, relationship management and communication skills
Knowledge, Expertise and Experience
- Have core information risk management, confidence and a willingness to deliver.
- Good communication skills.
- Highly motivated and able to coordinate multiple activities across various disciplines.
- Experience of working in a financial organization would be beneficial.
- Awareness of operational risk disciplines, key risk indicators relevant to information risk and a business-focused approach to controls is also beneficial. However deep technical knowledge in any one discipline is not a requirement for this role.
- It is essential that the candidate has a resilient, flexible approach to work, as a pre-requisite for working effectively as part of Barclays Information Management team.
- He or she must be prepared to turn their hand to support other requirements if needed, while ensuring that the core IRM responsibilities are maintained.
- A proactive and hands-on approach is essential to demonstrate that the value that this role and function can add to our organization.
Further Education and Training Certificate (FETC): Physical, Mathematical, Computer and Life Sciences (Required)