Manager, Technology Governance, Risk and Compliance at Standard Bank Group

Job Purpose

As part of the Engineering Control team and working closely with the IT Information Security team, support in managing all aspects of Technology governance and compliance framework in Stanbic Bank Kenya. This includes accountability for regulatory compliance, ensuring full alignment with the requirements of Risk, Audit, Legal and Compliance, and conformance to Group Technology standards.

Key Responsibilities/Accountabilities

• Build Regulatory Compliance Understanding
  • Ownership of the IT regulatory compliance framework.
  • Working closely with the Legal, Compliance and Risk teams and external experts where necessary, maintain an up to date view of relevant regulatory requirements.
  • Working with Legal and Compliance to ensure that any regulatory reporting requirements, for example in response to a breach, are well understood.
  • Implement and manage processes to ensure compliance.
• Own and Implement IT Policies and Procedures
  • Own all country IT policies, ensuring alignment with Group IT and manage the ongoing review and adoption by the various stakeholders.
  • Ensure IT policy documents are reviewed in line with governance and regulatory requirements.
  • Ensure processes are in place to monitor, and where appropriate, report on compliance.
  • Ensure online access to relevant and up to date IT policies and procedures
• Third Party Risk Management
  • In collaboration with other key stakeholders within the Engineering unit, implement the Third Part Risk Management framework.
  • Ensure Third Party Risk Assessments are conducted in conjunction with Procurement team and other key stakeholders.
• Operational Governance and Risk Management
  • Help define and manage the governance framework within the Engineering Operating model.
  • Undertake Risk and Control reviews for all the Technology functions within the Engineering unit
  • Support the Head of Engineering Control in the preparation of documentation for various governance committees and help manage actions as required.
  • Facilitation of the Information Risk Remediation plan and Risk Control Self
  • Assessments (RCSA) in collaboration with all the risk functions.
  • Oversight and management of internal and external audit processes as required.
  • Provide IT Governance and Compliance input into projects and initiatives
  • Ensure audit findings are adequately monitored and addressed.

Preferred Qualification and Experience

• A Bachelor’s degree in Information Management or Computer Science or Data Governance or Information Security
• Total number of years’ experience: 3 – 4 years in similar role
• Other Minimum Qualifications, certifications or professional memberships
• • Certified Information Systems Auditor
• • Certified Information Systems Security Professional or Certified Security Analyst
• Working within an information or data governance function with two years’ experience leading a data and/or security governance programme.
• Demonstrated knowledge of data governance practices, business and technology issues related to management of enterprise information assets and approaches related to data protection.
• Sound knowledge of industry-leading data quality and data protection management practices.
• Practical experience in the implementation of IT policies and procedures.
• Experience in the monitoring of IT risk and security controls to ensure compliance and business cyber-resilience.
• Experience liaising with Internal Audit and other oversight units on enforcing compliance with company policies and best practices.
• A good understanding of information management practices including information lifecycle management, data modelling, master data management and the conduct of business audits and requirements gathering.