[CONTRACT] Manager, Tools, Risk and Processes | Risk Management Department

Bank Negara Malaysia

Kuala Lumpur

On-site

MYR 120,000 - 180,000

Full time

16 days ago

Job summary

Bank Negara Malaysia is seeking a Manager for its Risk Management Department. This role involves leading the implementation of the Enterprise Information Security Policy and enhancing risk governance, culture, and processes. Candidates should have at least 4 years of relevant experience and a degree in fields like Information Technology or Finance, along with strong technical skills in risk management and cybersecurity.

Qualifications

  • At least 4 years of relevant industry experience in risk management or information technology.
  • Proven ability in risk analysis and effective communication with senior management.
  • Knowledge of risk governance and policy implementation.

Responsibilities

  • Lead the implementation of Enterprise Information Security Policy (EISP) across the Bank.
  • Develop and maintain effective risk frameworks and policies.
  • Promote a strong risk culture among staff and enhance their knowledge of information security risks.

Skills

Consultancy and Advisory
Cybersecurity
Enterprise Risk Management
Operational Risk
Financial Risk

Education

Degree in Information Technology, Economics, or related fields
Post-graduate degree or professional certification in Risk Management

Job description

POSITION: [Contract] Manager, Tools, Risk and Processes | Risk Management Department

ROLE PURPOSE

To lead the implementation of the Enterprise Information Security Policy (EISP), which involves coordinating policy rollout, monitoring compliance, and providing essential support, ensuring the effective integration of the new security framework across the Bank. The EISP encompasses 15 distinct domains, including a new component focused on Privacy, in addition to the existing principles of Confidentiality, Integrity, and Availability (CIA).

PRINCIPAL ACCOUNTABILITIES

1. Risk reporting: Report and provide risk assurance to senior management and Board.

  • Provide risk assurance to senior management and the Board, including findings from thematic reviews.
  • Continuously monitor the environment to identify, assess, and escalate emerging and existing risks, along with proposed solutions.

2. Risk governance, framework and policies: Develop, maintain and ensure effective implementation of risk frameworks and policies.

  • Review and refine the Bank’s information security policies to protect critical information assets. Ensure the effective implementation of information security risk frameworks and policies.
  • Assess and update the Bank’s risk appetite statement as needed, ensuring continuous monitoring for potential breaches, with escalation to management when necessary.
  • Track potential threats and vulnerabilities using information security risk metrics.

3. Risk culture and outreach: Promote the development of risk knowledge among staff to build a strong risk management culture.

  • Collaborate with the awareness team to promote a strong risk culture on information security in the Bank.
  • Enhance staff knowledge and awareness of information security risks.

4. Risk tools and processes: Develop, maintain and ensure effective implementation of tools and processes.

  • Provide independent assessments of data entered by 40 departments for Information Asset Profiling (IAP).
  • Ensure accurate and complete data for information security incidents in IRAISE.
  • Ensure clean and accurate data from the existing IAPs of 40 departments is posted in the GRC system.

5. Risk analysis and advisory: Provide an independent technical and advisory view of related risks, from an enterprise perspective with the objective of adding value, strengthening, and improving the Bank’s operations through risk mitigation proposals to various risk committees in a timely and effective manner.

  • Provide an independent advisory input to enhance risk mitigation efforts and improve Bank operations.
  • Conduct thematic reviews on information security risks and provide recommendations as needed.

QUALIFICATIONS & EXPERIENCE

Academic Qualifications:

  • Degree in Information Technology, Economics, Accounting, Finance, Mathematics, Statistics, Law, Engineering, Business Studies etc.
  • Post-graduate degree or professional certification in Risk Management (RM) and/or Business Continuity Management (BCM) is an added advantage.

Experience:

Preferably a minimum of 4 years of experience in the Bank or in industry, i.e. Business Continuity or Information Technology.

TECHNICAL SKILLS/ KNOWLEDGE

  1. Consultancy and Advisory
  2. Organizational Risk
  3. Enterprise Risk Management or Business Continuity Management or Information Security Management
  4. Operational Risk
  5. Financial Risk
  6. Cybersecurity

ONLY SHORTLISTED CANDIDATE(S) WILL BE NOTIFIED
