The role is responsible for overseeing the embedding and implementation of risk management process in the ICT and digital transformation initiatives, conduct control testing, collaborating the above functions to develop and implement risk management actions plans and to support in conducting incidents investigations to identify root cause and mitigation to manage any risks arising from such incidents.

Key Responsibilities

• Governance

• • Participate in the periodic review of ICT, Projects and Digital Business policies and procedures in liaison with the Business units to identify areas of potential improvement or weakness in risk management controls. Review of policies and procedures includes other stakeholders as required.
  • Participate in the periodic review of Risk Policies and Procedures in liaison with the other units in Risk & Compliance.
  • Monitor implementation of ICT, Projects and Digital Business policies and procedures.
  • Independent analysis and reporting of top ICT risks and their mitigation therein.
  • Manage immediate reports to ensure IT & Digital Risk Management objectives and KPIs are met in a timely manner.

           Risk Identification, Assessment, and Mitigation

• Implementation of appropriate Enterprise Risk Management methodologies, Tools & Techniques
• Support and participate in the Unit Operational Risk and Compliance Committees for Business units across the bank with the respective Risk champions.
• Coordinating the implementation of the Risk & Control Self-Assessment (RCSA) framework across the various Business and Support units
• Participate in the embedment of all new and emerging Technology and Digital risks into the business units’ registers.
• Review and follow up on the unit’s quarterly RCSAs to identify top risks, control gaps, issues raised and track for closure.
• Providing day-to-day support and guidance to ICT, Digital and Projects functions and other stakeholders across the Bank on the identification, assessment, measurement and reporting of enterprise and process risk.
• Independent Digital and ICT third party risk assessments and technical due diligence.
• IT Risk assurance – Actively engaging in end-to-end risk remediation planning, resolution, and monitoring activities. i.e. (Patching, hardening, baseline controls for different OS and applications, application whitelisting etc.)
• Support and participate in designing the Bank’s Key Risk Indicators framework (KRIs)
• Review the KRI reports from the ICT, Projects and Digital Business units and any other as assigned and report any outside approved tolerance limits i.e. exceptions for follow up and action planning
• Participate and support the risk owners to define key risk metrics for IT & Digital risks within the Business and Support functions
• Support the Implementation of the Incident management and loss data reporting framework
• Ensure that Change and Incident management procedures are implemented and report on gaps noted for remediation
• Follow up, track and analyze system incidences and other incidences to ensure proper identification of root cause and follow up on implementation of comprehensive action plans/measures to close loopholes by respective business units.
• Support and participate in developing Control testing checklists in the Business units as per the Control Testing procedure
• Actively participate in carrying out independent Control Testing at Business units, to ensure that policies and procedures are effectively implemented, discuss the test results with the business teams and follow up on closures of the action plans within the agreed timelines
• Follow up with business units to update the risk registers accordingly after control testing findings to reflect the units control environment.
• Support the preparation of reports for Management and Board

           Project Risk management

• Support and participate in the control testing for all new and existing initiatives and projects being delivered and facilitate the reporting of potential risk exposures, the risk mitigations and tracking and reporting of risk remediation efforts.
• Participate in carrying out Risk assessments for project initiatives and process reviews

           Training and Awareness

• Assist in raising awareness and providing training for bank employees on Risk policies and procedures
• Audit
• Follow up and ensure that all open issues identified by auditors are adequately closed within the agreed time frame.

Educational Requirements

• Bachelor’s degree in computer science, Information Technology or related field
• A Relevant professional requirement such as CRISC (Certified in Risk and Information Systems Control (CRISC) CISA.

Work Experience

• Minimum of 2 to 4 years progressive experience in a similar role preferably in financial institutions.

Key Required Competencies & Skills

• Understanding of financial/banking business operation.
• Excellent analytical, interpretive and problem-solving, communication and relationship skill.
• Strong understanding of systems security governance, compliance, and risk management principles.
• Strong Project Management skills.
• Working knowledge of control and risk management concepts with the ability to evaluate digital and IT risk and control environment in liaison with business functions.
• Understanding of IT & Digital risk management/ measurement techniques.
• Demonstrable experience with developing/ IT and digital risk management framework, including compliance and monitoring program or related field.
• Proven ability to work across different areas of IT risk management
• Having experience in reviewing DPIAs and Data Risks would be an added advantage.
• A proactive self-starter.

Behavioral Competencies

• High ethical standards and integrity.
• Resilience under pressure and ability to navigate crises effectively.
• Adaptability to changing regulatory landscapes and evolving risk environments.