Manager Internal Controls - Technology at Standard Bank Group

Job Purpose Description

• Maintain an optimal control framework for the Technology that facilitates a proactive approach to issue identification, resolution, escalation and implementation of actions to manage control gaps in order to mitigate any risk that could occur and cause losses to the Group.
• This role requires collaboration with the different business heads and assurance service providers to provide assurance on the control and risk environment of the business.

Key Responsibilities

• Effective implementation of the operational risk framework i.e., RCSA & KRIs roles as per the approved risk management framework.
• Conduct regular risk assessments and evaluations to identify vulnerabilities and potential weaknesses in the bank's technology and cybersecurity controls.
• Implement monitoring mechanisms to track emerging risks and promptly respond to incidents.
• Develop of the universe of annual Technology control assurance reviews.
• Ensure that formal planned reviews and spot checks are conducted across the Group in line with the risk-based engagement methodologies, and present reports and risk insights to relevant portfolio stakeholders and governance committees.
• Conduct special reviews upon specific request by business unit/ enabler management as appropriate.
• Monitor that tracking of remedial actions from internal audits, regulatory reviews, internal control reviews and other such assurance reviews is undertaken as agreed with the business units. This will involve validation of implemented interventions prior to closure.
• Timely provision of routine dashboards as per determined frequency, monthly and quarterly reports on activities and the state of the control environment to executive, business / enabler unit management, risk, compliance, internal audit and ROA risk partners.
• Work closely with stakeholders to communicate policy changes and facilitate adherence across all levels of the organization.
• Coordinate with relevant stakeholders to resolve issues promptly and minimize potential impacts.
• Ensure that formal root cause analysis for control failures is conducted across the Group and appropriate remedial actions are identified and implemented.
• Escalate breaches and incidents for more serious control breaches that require senior management direction as per the appropriate escalation processes, including active participation in the remedial actions.
• Assist in developing of comprehensive technology risk management frameworks, policies, and procedures to identify, assess, and mitigate potential risks associated with the bank's technology infrastructure, systems, and applications.
• Facilitate the translation of regulatory directives into operational processes & controls.
• Identify inadequate processes and controls and provide Non-Financial Risk and Compliance and/or Business Units/ Enablers with the irregularities to facilitate the modification of processes where required.
• Prepare comprehensive risk reports and presentations for senior management, and relevant  management committees. Effectively communicate complex risk matters in a clear and concise manner.
• Develop effective, collaborative relationships with all relevant stakeholders, Senior management, and business lines to ensure a cohesive approach to risk management and promote a strong risk culture throughout the organization.
• Participate in the bank’s business initiatives, forums, committees, policy / process development or reviews, e.g. risk & compliance committees, new products, projects etc. to ensure that control requirements are appropriately considered executed and reported.

QUALIFICATIONS
Minimum Qualifications

• Bachelor’s degree in computer science, Information Technology, Risk Management, Finance, or a related field. Advanced degrees or certifications like CISM, CRISC, CISA or CISSP are highly desirable.

Experience Required

• Minimum of 10 years of relevant experience in technology risk management, cybersecurity, or internal controls within the financial services / banking industry.
• Proven track record of successfully leading and managing a team of professionals.
• In-depth knowledge of technology and cybersecurity frameworks, standards, and best practices (e.g. ISO, COBIT), IT governance and project management.
• Familiarity with relevant banking regulations and compliance requirements.
• Understanding of IT general controls and a deep understanding of technology risks.
• Possess relevant technology skills including data analytics or information systems auditing skills.
• Proficiency in use of data analytics tools preferably with demonstrable scripting skills.
• Strong analytical and problem-solving skills, with the ability to assess complex risk scenarios and propose effective solutions.
• Excellent communication and presentation abilities, both written and verbal, to convey complex technical concepts to non-technical stakeholders.