Senior Manager: Cyber Risk

Bring your possibility to life Define your career with us
- With over 100 years of rich history and strongly positioned as a local bank with regional and international expertise, a career with our family offers the opportunity to be part of this exciting growth journey, to reset our future and shape our destiny as a proudly African group.Job Summary

Ensure that all activities for the centre of competence and duties assigned are carried out in full compliance with regulatory requirements, enterprise-wide risk management and governance, management frameworks (and other applicable guidelines), internal policies and standards

**Job Description**:
The Senior Manager : Cyber Risk - Third-Party Risk Centre of Excellence will act as Subject Matter Expert, advisor, consultant, and coordinator group wide, therefore must:
Understand the business value chain and leverage from all sub-functions and activities.

Stay abreast of market, tools, methodologies, practice changes and act as an advisor to guide business in managing the applicable risks exposures and provide Research and Development services, support and systems pertaining to Third-Party Cyber Risk.

Be responsible for designing, implementation and monitoring of group-aligned and integrated risk governance, insights & reporting in terms of third-party cyber risks exposure.

Provide advisory, insights and specialist support services to the central functions and business units’ processes relating to third-party management in terms of the relevant risk types.

Consult all available enterprise frameworks to shape and inform the PPSG’s (Procedures, Policies, Standards and Guidelines) to be adapted by the COE as they relate to the management of third-party cyber risks and provide specialist support to all Business Heads, Executives and Line Management with required governance, controls, monitoring and group wide reporting, in terms of the relevant risk types.

Develop and implement group wide third-party cyber risk proactive and preventative models, controls, processes, systems and tools, KPIs, key risk drivers, and associated risk impacts.

Identify potential risks using data, dashboards, and/or other relevant metrics by analyzing risk information. Provide advice and recommendations regarding any emerging risks, trends, and early detection of issues for the relevant risk types by employing their capacity and tools to be innovative while recognizing and respecting the need to be prudent in Third-Party risk management.

Support and promote an effective risk culture, where there is an open, proactive, and constructive dialogue in the management of the relevant risk types and enable management to monitor the effectiveness of the control environment and to take action to prevent, mitigate and remediate the relevant risk types, where required.

Key Accountabilities and Responsibilities

Training and Communication

Leadership and Stakeholder Management

Engage and coordinate internal stakeholders across various business areas and functions across the group and external stakeholders (e.g., regulators and other third-parties). Provide strong leadership (of self), direction and display role model behaviors, inspiring others to work together to achieve the strategic vision. Build effective working relationships with key stakeholders and information flows across the business units, risk functions and the various entities. Assist the business units on execution of strategy by providing advice on risk/control and challenge decisions that pose risk. Advise leadership on emerging global third-party risk trends and advise accordingly. Support and influence the organization in improving the third-party risk management through digitization, automation, standardization, and simplification.

Third-Party Risk Management and Governance

Advise on risk decisions and escalate risk decisions to the relevant Head. Assess the relevance and performance of the third-party risk indicators and thresholds as defined in the monitoring tools and methodologies, leveraging on the business risk appetite or materiality thresholds. Partner with the second line of defense and in-business unit teams to provide guidance on issue/action documentation, tracking, escalation, and remediation. Investigate third-party matters affecting the relevant business risk profile, which may pose an undue risk. Oversee deep dive and lessons learnt exercises for material risks, including the review, challenges, and tracking/escalation of findings. Review and lead major remediation plans for adequacy, completeness, and progress. Escalate any unresolved concerns directly to the Business Heads. Ensure that third-party processes, control requirements and governance frameworks that impact the relevant risk types are documented and understood by all interacting members of the team and value chain. Create and maintain a central communication portal (knowledge base) for the COE to ensure knowledge content is up to date and rele