Manager, IT Risk

respect to IT systems are operating as intended to ensure compliance withregulations and established Bank policies and procedures.Drive Second Line of IT Assurance activities within the bank to ensure that businessesand support functions have deployed and are executing all necessary key controls ina manner which is consistent with Bank standards.Ensure that the monthly Management Risk Committee process is eective in theidentification, assessment, mitigation, and monitoring of bank Informationtechnology and Cyber risks.

EDUCATION AND TRAINING

• Bachelor’s degree in information systems technology, Computer Science, orEngineering, or equivalent experience required.

• Must Possess at least one of the following certifications: Certified in Risk and

Information Systems Control (CRISC), Certified Information Systems Auditor(CISA), or other related certification.

• A professional qualification in CPA or ACCA or a master’s degree in a related

field is an added advantage.

SKILLS AND EXPERIENCE

• A minimum of 5 years Banking experience, 3 of which should be in aSupervisory / managerial position in IT Audit or IT Risk management.

• Must have critical thinking, analytical, attention to detail and problem-solving

skills to quickly stop threats of significance to the institution.

• Good verbal and written communication skills

respect to IT systems are operating as intended to ensure compliance withregulations and established Bank policies and procedures.Drive Second Line of IT Assurance activities within the bank to ensure that businessesand support functions have deployed and are executing all necessary key controls ina manner which is consistent with Bank standards.Ensure that the monthly Management Risk Committee process is eective in theidentification, assessment, mitigation, and monitoring of bank Informationtechnology and Cyber risks.

EDUCATION AND TRAINING

• Bachelor’s degree in information systems technology, Computer Science, orEngineering, or equivalent experience required.

• Must Possess at least one of the following certifications: Certified in Risk and

Information Systems Control (CRISC), Certified Information Systems Auditor(CISA), or other related certification.

• A professional qualification in CPA or ACCA or a master’s degree in a related

field is an added advantage.

SKILLS AND EXPERIENCE

• A minimum of 5 years Banking experience, 3 of which should be in aSupervisory / managerial position in IT Audit or IT Risk management.

• Must have critical thinking, analytical, attention to detail and problem-solving

skills to quickly stop threats of significance to the institution.

• Good verbal and written communication skills

applications, and programs to ensure compliance with the bank’s securitypolicies, regulatory requirements, and adherence to best practices to identifyweaknesses or security exposures and prescribe solutions to mitigate the risksrelated to those weaknesses and exposures.

• Perform periodic and surprise security assessments of areas such as operating

systems, database management systems, firewalls, intrusion detection systems,and web-based applications.

• Identifying and evaluating business technology risks and internal controls whichmitigate risks, and related opportunities for internal control improvement andpropose risk treatment plans.

• Providing guidance over the general activities and concerns of the organization’s

information technology function including governance, policy, control design,general operational eectiveness, and internal controls.

• Liaise and coordinate with respective IT Risk champions, review IT risk andcontrol self-assessments.

• Maintain and follow up / track for closure all IT findings arising out of Risk,

Internal Audit, External Audit and BOU reviews.

• Monitoring and tracking IT risk events and following up associated actions plansto closure. Work with control owners to ensure control accuracy and remediateany issues related to control exceptions.

• Maintain a forward-looking IT risk profile of the bank that captures the majorrisks, ensuring that risks that might impact multiple businesses and/or supportfunctions are captured, and actions initiated to mitigate and control risks leadingto a reduction in operational losses.

• Ensure that sta are adequately trained in IT Risk Management, policies, and

procedures.

• Ensure that controls and checks associated with IT Risk Management deploymentare in place and are eective.

• Perform annual Quality Assurance Reviews of IT related Policies, Processes, and

procedure manuals.

• Oversight the Disaster Recovery Governance framework and Implementation.

• Support in the review of IT Risk Control Self Assessments (RCSAs) & Key Risk

Indicators

• Support in elements of IT Investigations.

• Conduct IT Project Risk Assessments as and when required.