Manager Information & Digital Risk at Standard Lesotho Bank


Risk Management: understanding all risks – from the economic to the political – that could affect our global business, and offering guidance to all parts of the bank.

Job Purpose

The purpose of this role is to define and implement appropriate plans and alternative service options to manage risks related to information and digitisation. As the bank moves to digitising its operations, several risks present themselves and need to be managed appropriately. The role of this function is to identify those risks, analyse them and help the bank to come up with controls to manage those risks.

This is a senior role that requires an individual who can work under minimal supervision, who is able and willing to come up with initiatives and who can interact at a very high level with minimum assistance from the line manager.

Key Responsibilities/Accountabilities

  • Develop and maintain strong business and centres of excellence relationships, becoming a trusted partner, as well as building relationships with corporate functions such as Group Internal Audit, Group Compliance, Integrated Operational Risk and Group Information Technology.
  • Deliver information risk assessments and guide business managers on the appropriate risk treatment strategies, whilst aligning information risk strategies with business objectives.
  • Perform and coordinate information risk self-assessment, risk assessment, analysis and rating, and provide treatment recommendations using the established Information Risk Management framework.
  • Provide a holistic view of the risks to the bank’s information assets introduced by personnel, processes, technology and external events.
  • Support the ongoing knowledge management and formalization of what risks and threats the bank faces and how we choose to manage them.
  • Manage risks to Bank information assets and assist business by specifying adequacy of control(s) required and validating the effectiveness of controls implemented.
  • Drive and track information risk treatment efforts and escalation for inadequate treatment.
  • Create risk metrics and reports, represent such at the right management structures and drive decision making.
  • Support design and tuning of information risk management policies in conjunction with business risk appetite.
  • Effectively communicate with stakeholders to ensure support and commitment for the information risk treatment programme and to prioritize treatment initiatives and spending based on appropriate risk management.
  • Ensure effective communication to all key stakeholders in order to sustain relationships between Business, Embedded Operational Risk and Group Information Risk Office.
  • Ensure compliance with existing laws and regulations as they pertain to information risk management, in consultation with GIRO.
  • Support incident response planning and investigation of information breaches and assist with disciplinary and legal matters associated with such breaches as necessary.
  • Initiate, facilitate, and promote activities to create information risk awareness within the organization, including awareness of information risk related regulatory issues that have a potential impact to the environment in alignment with group wide awareness activities.
  • Take an effective role in the management of cyber security such as to ensure that there is an effective cyber-risk programme in place.

Preferred Qualification and Experience

  • Bachelor’s degree in Computer Science, Information Risk Management, Information Security, or equivalent experience.
  • One or more relevant industry certifications in information security (e.g. CISSP, CRISC).
  • Computer skills (Excel, Microsoft Word and PowerPoint) are required for the position.
  • Knowledge and understanding of the regulatory environment governing financial institutions in Lesotho is required.
  • Understanding of risk management frameworks is highly desired.

Knowledge/Technical Skills/Expertise

  • Recognizes and appreciates organizational difficulties but will rely on strong interpersonal skills and drive to overcome these hurdles successfully.
  • Builds relationships that are focussed on solution and issue resolution in a dynamic and ambiguous environment.
  • Thorough conceptual and practical knowledge of best practice in Risk type Standards, Policies and Procedures.
  • Has a sense of urgency about solving problems and takes appropriate and timeous decisions / action to achieve outcomes.
  • Ability to proactively anticipate risk and put plans in place to avoid/manage risk
  • Clarifies details and checks the accuracy of information and assumptions prior to making a decision.
  • Excellent verbal and written communication; presentation skills are a must-have.
  • Prepare and implement effective security and compliance training for employees to ensure that any changes in regulations are communicated in a timely manner.
  • Develop and maintain a security management plan for the engagement and provide periodic updates to management and business leaders on compliance matters.
  • Align and integrate the digital risk management strategy for the engagement with the business goals.
  • Ensure all digital channels and systems, policies and procedures fully comply with applicable regulations and the master service agreement signed for the client engagement.
  • Monitor and evaluate security measures to protect against reasonably anticipated threats or hazards to the privacy, security or integrity of client sensitive information.
