Job Title: Assistant Manager, ICT Risk
Reports to: Head, Enterprise Risk Management
Unit: Enterprise Risk Management Department
Department: Enterprise Risk Management
Grade: Band 4 – Manager
Date: TBA
Job Purpose Statement
The purpose of this role is to create and sustain a cohesive culture and approach to ICT Risks that gives assurance on the Bank’s ability to adapt, recover, or mitigate the impact of Information and Cyber risks on its business, customers, employees, shareholders, and other stakeholders.
Key Accountabilities (Duties and Responsibilities)
Internal Business Processes (75%)
Undertake risk assessments, analyze the effectiveness of technical and procedural control activities, and provide actionable recommendations to management.
Assess the Bank’s information and Cyber Security capabilities, operations, and supporting technology controls to identify risks and recommend pragmatic risk mitigation measures.
Identify and assess business disruption risks and their impacts associated with current business practices and strategic plans.
Identify critical points of failure in the Bank’s ICT disaster recovery plans and recommend risk mitigation measures based on best practice standards.
Review and report on the residual ICT risks.
Review and improve the training and awareness programs for Information and Cyber Security in the bank.
Succinctly frame emerging threats and risks in alignment with the existing risk profile.
Distill complex risk, process, and control relationships into simple dashboards/reports.
Demonstrate robust risk management oversight in supporting various internal assessments and regulatory examinations.
Support the development of the IT risk management practice, framework, and methodologies.
Review, report, and follow-up on closure of any noted gaps during the ICT risk assessments.
Periodical review of the ICT and Cyber Security policy, standards, and guidelines.
Customer (15%)
Drive customer satisfaction through timely ICT risk assessments that have been put in place to support business.
Provide prompt feedback on internal customer queries on ICT.
Learning and Growth (10%)
Responsible for delivering the performance objectives set and managing his/her own learning and development to build capacity and avail him/herself for coaching and training opportunities.
Job Dimensions
Reporting Relationships:
Direct Reports: None
Indirect Reports: Close working relationship with Risk champions and all stakeholders across the Bank.
Stakeholder Management:
Key stakeholders that the position holder will need to liaise/work with to be successful in this role.
Internal: Business Units, Technology & Operations, Enterprise Projects team, Internal Audit
External: Vendors, External Auditors
Decision Making Authority/Mandates/Constraints:
The decisions the position holder is empowered to make include:
Methodology and procedures for ICT Risk Assessment
Reporting of ICT risks to management
Follow-up with management to close ICT gaps identified
Work Cycle and Impact:
Long term planning: Three to six months
Short term planning: One week to three months
Ideal Job Specifications
University Degree in a relevant field
Master’s degree will be an added advantage
Relevant certifications in Information Security and Risk Management knowledge areas such as CRISC, CISM, CISA, CISSP, or equivalent.
At least 4 years’ experience in a similar role with exposure to Banking operations, Technology, or Assurance functions.
Practical Knowledge of BOU guidelines on ICT Risk Management.
Practical Knowledge of risk and control frameworks and their application within the Financial Services industry.
Ideal Job Competencies
Technical Competencies
Risk Management: Ability to anticipate and mitigate risk by developing appropriate Risk Management Policies.
Compliance and Regulatory Framework: A good understanding of the regulatory issues, reporting, and operational requirements as provided by BOU, URA, and other key stakeholders.
Conceptual and Analytical Skills: Ability to quickly grasp and understand systems and keen attention to detail.
Technology Skills: Knowledge and application of modern IS security management practices in the financial services industry.
Behavioural Competencies
Performance Management: Optimizing own productivity.
Communication and Interpersonal Skills: Effectively communicating with and managing customer expectations (internal and external), and other stakeholders who impact performance.
Knowledge and Application: Knowledge and effective application of all relevant banking policies, processes, procedures, and guidelines to consistently achieve required compliance standards or benchmarks.
Self-Empowerment: Developing open communication, teamwork, and trust to support performance and a customer-service-oriented culture.
Critical Thinking: Ability to think critically and analytically, expressing points of view supported by data (for both technical and non-technical audiences).
Collaboration: Collaborating effectively with colleagues, stakeholders, and leaders across multiple organizations to get consensus, socialize strategy, and achieve objectives.
Execution and Achievement-Oriented: Striving to achieve results, being measured and judged on performance standards.
Personal Ethics: Must be honest, fair, just, firm with himself, and of high integrity.
This job description has been signed off with reference to the organization’s core values and aligned competencies against these values.
How to Apply:
This is Full-time Job, To submit your application, please follow the link provided below.
CLICK HERE TO APPLY
