IT RISK OFFICER
2026-05-29T11:48:47+00:00
Pearl Bank
https://www.postbank.co.ug/
JOB PURPOSE
1. To provide independent assurance to management that established controls in respect of IT systems are operating as intended, ensuring compliance with regulations and established Bank policies and procedures.
2. Support the Risk Department in driving Second Line Technology Risk Assurance activities within the bank to ensure that businesses and support functions have deployed and are executing all necessary key controls in a manner which is consistent with Bank standards.
3. Support in ensuring that the monthly Management Risk Committee process is effective in the identification, assessment, mitigation, and monitoring of bank Information Technology and Cyber risks.
KEY RESPONSIBILITIES / KEY DELIVERABLES
- Conducting Information System risk assessments for new and existing systems, applications, and programs to ensure compliance with the bank’s security policies, regulatory requirements and adherence to best practices to identify weaknesses or security exposures and prescribe solutions to mitigate the risks related to those weaknesses and exposures.
- Performing periodic and surprise security assessments of areas such as operating systems, database management systems, firewalls, intrusion detection systems, and web-based applications.
- Identifying and evaluating business technology risks, the internal controls which mitigate those risks, and related opportunities for internal control improvement, and proposing risk treatment plans.
- Providing guidance over the general activities and concerns of the organization’s Information Technology function including governance, policy, control design, general operational effectiveness, and internal controls.
- Liaising and coordinating with the respective Risk champions and reviewing IT risk and control self-assessments.
- Maintaining and following up/tracking for closure all IT findings arising out of Risk, Internal Audit, External Audit and BOU reviews.
- Monitoring and tracking IT risk events and following up associated action plans to closure.
- Working with control owners to ensure control accuracy and remediation of any issues related to control exceptions.
- Maintaining a forward-looking Technology risk profile of the bank that captures the major risks, ensuring that risks that might impact multiple business and/or support functions are captured, and actions initiated to mitigate and control risks leading to a reduction in operational losses.
- Ensuring that staff are adequately trained in IT Risk Management, policies, and procedures.
- Ensuring that controls and checks associated with IT Risk Management deployment are in place and are effective.
- Performing annual Quality Assurance Reviews of IT related Policies, Processes, and procedure manuals.
- Overseeing the Disaster Recovery Governance framework and Implementation.
- Supporting in the review of IT Risk Control Self Assessments (RCSAs) & Key Risk Indicators.
- Supporting elements of IT related Investigations.
- Conducting IT Project Risk Assessments as and when required.
- Providing risk oversight and assurance over the activities of the Business Technology, Digitization and Innovation Units.
- Supporting in the preparation of monthly ICT risk reports as part of input into the monthly Management Risk Committee meetings and quarterly Board Risk Committee meetings.
- Conducting IT Risk awareness trainings and sharing IT risk control communication across the bank to improve on risk awareness.
- Participating in fraud risk management and monitoring.
BUSINESS BEHAVIOURS
- Passion: Committed to excellence, delivering outstanding results and making a positive impact on our customers and stakeholders.
- Teamwork: Collaboration, mutual respect, and diverse perspectives to achieve shared success and deliver greater value to the Bank.
- Integrity: Uphold honesty, transparency, and accountability, ensuring ethical practices in every action.
- Innovation: Embrace creativity and forward-thinking, continually seek new solutions to enhance customer experience and drive business growth.
QUALIFICATIONS, EXPERIENCE AND COMPETENCIES REQUIRED
- A Bachelor’s degree in Information Systems Technology, Computer Science, or Engineering, or equivalent experience, is required.
- Holds, or is part-qualified in, one or more of the following certifications: Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Auditor (CISA), or other related certification.
- At least two years’ experience in IT Audits, IT Risk management or Banking Operations.
Vacancy title:
IT RISK OFFICER
[Type: FULL_TIME, Industry: Finance, Category: Computer & IT, Business Operations]
Jobs at:
Pearl Bank
Deadline of this Job:
Friday, June 5 2026
Duty Station:
Kampala | Kampala
Summary
Date Posted: Friday, May 29 2026, Base Salary: Not Disclosed
Work Hours: 8
Experience in Months: 24
Level of Education: bachelor degree
Job application procedure
THE FOLLOWING DOCUMENTS SHOULD ACCOMPANY THE APPLICATION
Cover letter, Detailed CV, and Copies of academic documents all as one file.
MODE OF APPLICATION
- Online applications addressed to Chief People & Strategy Officer, Pearl Bank Uganda.
- Send application with job title as subject.
- Closing Date: Friday 5th June 2026 at 5:00pm.
- Only shortlisted candidates will be contacted.