Technology Risk and Compliance Specialist

Absa Bank Head Office (GH), Ghana

Absa Group

Absa Group offers personal, business, and wealth banking services across Africa. Manage finances securely and achieve your goals with trusted solutions.

Empowering Africa’s tomorrow, together…one story at a time.

With over 100 years of rich history and strongly positioned as a local bank with regional and international expertise, a career with our family offers the opportunity to be part of this exciting growth journey, to reset our future and shape our destiny as a proudly African group.

My Career Development Portal: Wherever you are in your career, we are here for you. Design your future. Discover leading-edge guidance, tools and support to unlock your potential. You are Absa. You are possibility.

Job Summary

Reporting to the Head of Risk and Compliance, the role holder is responsible for ensuring that specific IT risk controls and solutions are applied and that they comply with the Technology Key Risk policy and standards, and consequently meet the business's requirements and safeguard the Bank's reputation.

Job Description

Key Accountabilities

Accountability: IT Risk Identification and Control Assessment

  • Assist in conducting effective local risk assessments to assess all new IT systems or Processes, clearly identifying the risks and issues and the controls and measures required to mitigate those risks / issues.
  • Review and identify new risks that may be introduced into the business by any proposed change to IT Systems or Processes
  • Assist in undertaking local 3rd Party Due Diligence for critical IT Vendors and Service Providers
  • Conduct IT Security Controls Snap checks (CSA) and monitor IT Security activities e.g. application & system controls, physical and logical access security controls, review of disaster recovery and back-up procedures, media storage
  • Report on the compliance levels and provide comprehensive MI reporting
  • Follow-up on any IT Security weaknesses identified and put in place effective measures to safeguard the bank’s IT resources, information and reputation.

Accountability: Key Risk Monitoring

  • Assist in setting and measuring technology risk thresholds and the related key indicators.
  • Ensure roles & responsibilities are defined and agreed for metric collation and ownership
  • Ensure that Key Risk Indicators are monitored by Technology Senior Management, reasons for out of threshold indicators are defined and remediation is actively monitored.
  • Ensure alignment of KRI position and CSA results

Accountability: Event Analysis

  • Review major incidents (severity 1, 2 and 3), identify root cause in terms of control objectives and ensure consistency with CSA
  • In conjunction with the Group Key Risk Owner, Operational Risk management and the central Technology Risk team define the loss / risk appetite for the country.
  • Analyse TKR loss data and conclude on required actions to prevent exceeding loss budget
  • Ensure that loss events are correctly attributed to TKR where applicable.

Accountability: Remediation Management

  • Ensure action owners compile their own closures and define ongoing management controls
  • Ensure that defined action plans are agreed with the responsible assurance providers and trackers are defined detailing actions, sub actions, deliverables, evidence, control maturity and action owners.
  • Provide regular status update report to senior management commensurate with item status (at risk, on track, overdue)

Accountability: Reporting

  • Ensure that all high/medium risk projects in the area are identified and RAG status from a risk perspective is tracked
  • Ensure that ORIAs are completed, required actions taken and operational risks being migrated into production are defined, understood, accepted (RFNC) and remediation planned for all high/medium risk projects
  • Ensure that high probability and high impact items on top project risk logs have adequate remedial actions defined.
  • Be involved in project assurance reviews, as managed by the central project assurance team, where required.

Accountability: Technology Risk

  • Risk Assessment and Management: Expertise in conducting comprehensive risk assessments, identifying potential vulnerabilities, and developing risk mitigation strategies.
  • IT Audit and Controls: Proficiency in performing IT audits, evaluating internal controls, and assessing compliance with industry standards and regulatory frameworks (e.g., ISO 27001, PCI DSS, NIST, GDPR).
  • Security Architecture and Design: Knowledge of designing secure IT architectures, implementing robust security controls, and evaluating the effectiveness of security solutions.
  • Vulnerability Assessment and Penetration Testing: Ability to conduct vulnerability assessments, penetration testing, and security code reviews to identify weaknesses in systems and applications.
  • Incident Response and Forensics: Understanding of incident response processes, including the ability to investigate and analyze security incidents, conduct digital forensics, and develop incident response plans.

Role / Person Specification

Education and Experience Required

  • Bachelor’s degree, Computer Science or a relevant banking or business degree or a Matric equivalent qualification or High-Level diploma
  • CISA/CRISC/CISM Professional Certification (Mandatory)
  • Degree level education in an analytical subject would be beneficial
  • 4 years’ experience and exposure to the Banking/ICT Industry
  • Displaying a thorough understanding of technology strategic issues in the banking or financial services sector
  • A confident and motivated person, with proven experience in motivating regional and global teams in a challenging, high-pressure environment
  • Good understanding of ITIL processes and associated concepts.
  • High degree of commercial awareness with sound understanding of key contractual obligations and risks to maximize benefits
  • Strong customer liaison and relationship management skills
  • Excellent communication and presentation experience.
  • Must be able to work under pressure, take clear ownership of issues and projects and drive to ensure successful closure for the customer, peers and IT Production.
  • Financial management – budget preparation and managing to budget.
  • Working within a Global or Regional role
  • Familiarity with ITIL-style management procedures and mainstream project management styles a distinct advantage.
  • Experience of financial services preferred.

Knowledge & Skills: (Maximum of 6)

  • Stakeholder Management Skills (Advanced)
  • Analytical Skills (Advanced)
  • Knowledge of Principles and Practices (Advanced)
  • Knowledge of project management best practices (Advanced)
  • Knowledge of banking and IT practices (Solid)

Competencies: (Maximum of 8 competencies)

  • Deciding and initiating action
  • Learning and researching
  • Entrepreneurial and commercial thinking
  • Relating and networking
  • Adapting and responding to change
  • Persuading and influencing
  • Creating and innovating

Education

Further Education and Training Certificate (FETC): Physical, Mathematical, Computer and Life Sciences (Required)

Category: Compliance Jobs

Tags: Audits Banking CISA CISM Compliance Computer Science Forensics GDPR Incident response ISO 27001 ITIL Monitoring NIST PCI DSS Pentesting Risk assessment Risk management Vulnerabilities

Perks/benefits: Career development Team events

Region: Africa
Country: Ghana