Standard Bank is a firm believer in technical innovation to help us guarantee exceptional client service and leading-edge financial solutions.
Our growing global success reflects our commitment to the latest solutions, the best people, and a uniquely flexible and vibrant working culture.
To help us drive our success into the future, we are looking for an experienced IT Risk Solutions Manager to join our team at our Johannesburg offices.
Standard Bank is a leading African banking group focused on emerging markets globally. It has been a mainstay of South Africa's financial system for 150 years, and now spans 16 countries across the African continent.
Establish and innovate the risk management practice within the portfolio by assessing and maturing the capabilities, tailoring solutions for the respective portfolios and unique business context and risks.
Lead and manage the change required to drive effective risk management by influencing all executives, managers and staff to embrace a risk-aware culture, remove impediments to effective risk management and connect IT risk practices to enterprise risk and stakeholders outside of IT.
This complex task is achieved by providing risk management coaching, training, commercially pragmatic advice, support and where required direct involvement in the implementation of the Group IT Risk framework.
Integrate, analyse and report the overall risk profile for the portfolio through collaboration with the embedded IT and Risk partners and external stakeholders, to align and coordinate risk management effort satisfying each area's objectives.
Key Responsibilities / Accountabilities
Assess, establish and mature risk management capabilities within the portfolios
Collaborate with the IT Portfolio Chief Information Officer (CIO) to assess the business operating context for the portfolio to inform a fit for purpose target state design for risk management
Design the target state for the risk management capability within the portfolio tailored for the unique requirements of the entity, aligned to the overall Group IT risk management guiding principles and standards
Research best practices in IT risk management and evolve the target state models to align with them
Perform risk management gap and capability maturity assessment for the portfolio against the target state identifying required capabilities to be established or matured
Execute detail design and innovate processes, procedures, methods and frameworks identified to be established or matured to reach target state
Collaborate with IT Portfolio CIOs to develop a road map to implement the necessary processes, procedures, tools and human resources to fulfil the requirements of the target state design
Monitor progress of the capability implementation and assist, intervene and escalate to relevant risk stakeholders (Business unit, Group Integrated risk, Group IT risk) or Group IT executive (CIO, Group CIO) for prioritisation of effort where necessary
Ensure alignment of risk management processes, procedures, frameworks, methods and tools to group policy and regulatory requirements
Orchestrate IT Portfolios risk management and vision with Group IT risk management strategy, and group enterprise risk management strategy and operational risk management requirements.
Devise and execute risk interventions or programs whenever risk appetite is in breach
Develop and implement the IT Risk Management practice and culture within the portfolio
Co-ordinate and participate in the IT Risk Guild providing input as it relates to all the entities within the portfolio
Develop practice learning architecture to enable continued growth of risk management skills across all IT staff in the allocated IT Portfolios
Design and implement portfolio relevant methods, frameworks, standard and tools aligned to Group IT Risk Management framework
Manage data and tool repository for the sharing of Risk related information and documentation
Build Agile risk competency guilds, coaching / mentoring
Provide training on the Group IT Risk management framework, processes, methods and requirements to all IT portfolios risk management stakeholders.
Provide remote, and on-site when necessary, support to IT portfolios business partners.
Lead and co-ordinate the implementation of IT Risk Management framework and Risk solution engineering within the Portfolio
Ensure clear understanding of the risk and issues relevant to the IT business partners
Work closely with the various risk management stakeholders within the portfolio to ensure delivery of the following: Risk appetite statement and regular assessment of risk profile against appetite; Risk identification and analysis aligned to strategic objectives; Expression of the top IT risks in the Risk Cards and Top IT risk dashboards; Lead and lag indicators for risk drivers, risk exposures and control adequacy; Risk mitigation plans.
Analyse and monitor the BU IT risk registers, including risk acceptances to identify interrelated risks that are independently captured, multiple risks impacting single functions, trends, MI etc. and initiate corrective interventions where required
Analyse business operating environment and risk information (incidents, root cause, losses, scenarios, external events etc.) to identify potential new risks, risk trends and other useful management information
Research reputable agencies' (e.g. WHO, Gartner, Big 4 consulting houses etc.) IT and IT risk papers to identify new and emerging risks and trends which are relevant to Group IT
Review the control environment to determine adequacy and effectiveness and work with IT business partners to remediate where necessary
Champion compliance with risk related policy and standards
Assess the effectiveness of policy and standards and influence their improvement through active engagement with the policy owners and custodians.
Design and implement solutions in collaboration with IT business partners and provide risk advice for the effective treatment of identified risks
Research leading practice risk treatment strategies and controls for mitigating known risks to ensure sound risk advice.
Monitor, analyse and report the integrated risk profile for the portfolio
Establish relevant risk related metrics and management information to facilitate reporting and decision making
Ensure that KRI tracking and reporting is performed
Curate, monitor and analyse KRIs across the portfolios to identify key concerns and common trends and governance reporting
Aggregate risk information to provide a portfolio view of top risks and mitigation strategies providing an integrated view of the overall portfolio across all component entities
Contribute input into the reports to Group IT Committee, Group Manco and Group IT Risk and Compliance Committee whenever required
Collaborate with the PPM lead in the Agile portfolio office to provide an integrated risk view of the portfolio across all entities; provide and support risk information related to portfolio for strategic objectives
Prepare for and contribute input in response to ad-hoc SARB requests, on-site visits and reporting requirements
Facilitate IT Risk management across Group IT improving the shared practice
Identify and analyse common risks and solutions within component entities in the portfolios, share with relevant stakeholders in order to make visible existing solutions and improve risk mitigation
Identify and communicate best practices / patterns developed in individual entities within the portfolio by propagating them within the portfolio and across the group through sharing at the relevant guilds and forums
Collaborate with risk managers working in other portfolios to share and solicit best practices
Adapt and implement best practices identified across the IT risk management landscape as relevant to the portfolio
Initiate and drive collaboration with relevant stakeholders centred around specific topics and issues
Participate in the development of new and the annual review of existing risk related policies, standards and guidelines by providing input to enhance the quality and completeness of these documents
Design and implement sustainable new risk management capabilities for Group IT in collaboration with the IT Risk Solutions team
Stakeholder management, engagement and collaboration
Identify and build a network of trusted relationships with all relevant stakeholders in the allocated IT Portfolios (e.g. CIOs, IT Staff, embedded risk managers, in country risk managers, IOR risk manager etc.) in order to facilitate appropriate prioritisation of risk and risk capability work and to enable the embracing of a risk aware culture.
Obtain a clear understanding of the allocated IT Portfolios business and risk management stakeholders’ objectives and align with them the Group IT risk management objectives.
Create platforms to ensure regular, effective communication with IT portfolios risk management stakeholders to ensure they are always informed on all Group IT Risk initiatives as well as the status of risk within their portfolios.
Provide ad-hoc consulting and commercially pragmatic risk advice to business partners.
Forge relationships with risk professionals in other risk disciplines in the organisation / across the Group (second line).
Management of interface between Group IT and Internal and / or External Audit as required
Establish protocols for interaction with internal and / or external audit as required
Convey risk and control self-assessment to assist internal and / or External Audit with planning and evaluating audit results
Engage internal and / or external audit to address any issues arising from the execution of audits
Review and assess appropriateness of external audit findings, recommendations and conclusions
Assess the feasibility of commitments made by IT management to resolve IT audit findings and advise and guide them where necessary
Address escalations of external audit issues regarding progress and cooperation by members of Group IT
Review and provide commentary on tone and appropriateness of messaging contained in summary reporting to be tabled with Board and Executive committees.
Act as change agent, driving continuous improvement and new ways of working
Demonstrate buy-in to new way of work and organisational practices by supporting the implementation of new frameworks and methods to increase risk management efficiency and effectiveness of the IT organisation
Co-create an environment in which learning and continuous development are emphasised and valued, whilst taking personal responsibility for coaching and mentoring others
Drive continual service improvement by consistently aligning the IT risk management service offering to business demands and ensuring that business needs are managed effectively
Contribute to the shaping of a culture supportive of change, by engaging and influencing stakeholders positively on the importance of risk management aspects
Identify innovation in other risk areas for consideration of adoption in Group IT
Promote effective innovation in other BU risk areas through sharing developing and best practices in Group IT.
Preferred Qualification and Experience
Degree in Organisational Governance
Honours Degree in Risk, IT or Commerce (Preferred)
International Certificate (COBIT, CRISC, CISA)
A minimum of seven years' experience in implementing operational risk frameworks within a large corporate environment
A minimum of five years' experience in implementing a risk framework, preferably in an IT environment of a leading financial institution.
Knowledge / Technical Skills / Expertise
Ability to express ideas by means of clear and effective writing, in order to support professional communication internally within the Bank and externally.
Demonstrates knowledge and understanding of risk management methodologies, tools, governance structures and regulatory requirements for good management of risk.
The ability to define and analyse risk identification information in a quantitative and / or qualitative way.
The ability to facilitate the creation and adoption of an appropriate risk response strategy and to assign ownership for the risk response.
The ability to determine if risk management and control measures are achieving the desired results and mitigating risks at the expected level.
The ability to prepare quantitative and qualitative analysis on the risk landscape in the business including interpretation and analysis for use by business users.