Audit Portfolio Manager Cyber at Nedbank

Job Purpose

The objective and scope of work of GIA is to determine whether the Group’s systems of internal controls, risk management and governance, as designed and operated by management, are adequate and effective. 

The scope of GIA’s work is determined by a risk-based approach and so the key risks facing the Group, including subsidiaries, and the requirements of the GAC, subsidiary Audit Committees and the Group and subsidiary Executive Committees. This should include alignment to business strategic priorities.

Job Responsibilities

The Audit Portfolio Manager – Cyber, in the discharge of his / her duties, shall be responsible, inter alia, to the Nedbank Group CIA / Portfolio Executives / Senior Audit Manager to: 
Support the periodic assessments of the outcomes of internal audit work to appropriate governing bodies, including the GAC, Board Risk Committee, Executive IT Committee (EITCO) and Group IT Committee (GITCO); 

• Report on the overall effectiveness of the governance, risk and internal control framework of the Group; 
• Comply with regulatory and corporate governance expectations of the internal audit functions;
• Report significant Cyber issues related to the processes for controlling the activities of the Group, including potential improvements to those processes; 
• Report periodically on the progress of the Cyber audit plan delivery; 
• Have in place a robust process to follow-up on management’s agreed actions to address Cyber issues raised by GIA; 
• Responsible for the delivery and measurable performance of their respective Cyber portfolio, including audit plan delivery;
• Apply judgement to provide an overall audit opinion on the Cyber system of internal controls of the Group;
• Provide insights from the outcomes of internal Cyber audit work to appropriate governing bodies;
• Maintain an open and constructive relationship as a Trusted Advisor with senior internal and external stakeholders including External Audit, Business Executives and other GIA Heads of Audit;
• Implement effective and efficient audit processes to ensure that audit processes are optimized and comply with the relevant governance expectations of internal audit functions;
• Develop and maintain relationships with business and key stakeholders to ensure robustness and completeness of audit coverage and contribute at an insight generator / trusted advisor to business to enhance assurance provided over the control environment;
• Contribute to the development of a 12-month rolling audit plan (including Cyber) using a risk-based methodology, taking into consideration specific business strategic focus areas, regulatory requirements pertaining to internal audit, as well as including any risks or control concerns identified by management, the GAC and the Board; 
• Deliver and report on the rolling Cyber risk-based internal audit plan; 
• Have a robust process in place to follow-up and report on management’s progress in implementing agreed actions to address Cyber issues identified by GIA; and 
• Maintain an open and constructive relationship with the CIA, GIA HoA: Digital & Technology, Business executives, and key stakeholders (including GIA Heads of Audit) by providing value added services and sharing information. 

Job Responsibilities Continue

• Implement the vision and strategy including the leadership and culture philosophy, stakeholder approach and internal methods and tools. This should include alignment to the Nedbank and Business Unit strategy;
• Exhibit diverse, visionary and inspirational leadership - promoting a globally competitive financial sector;
• Actively participate in the Group’s Combined Assurance Model;    
• Build a high-performance team through managing resources, retention and critical staff;
• Manage performance of reports and hold them accountable for managing the performance of their reports by taking corrective action as required, recognising and rewarding the team;
• Actively build a culture of improvement by ensuring the design and implementing active talent management, succession planning strategies for division and obtaining buy-in from relevant stakeholders; 
• Optimise performance and motivation by holding managers and auditors accountable for developing their staff and themselves;
• Empower team to make decisions and recommend tailored solutions to business unit specific problems, through coaching and mentoring practices; 
• Facilitate engagement and information sharing sessions amongst peers. Synergies across clusters and business units achieved;
• Take ownership and accountability for tasks and activities and demonstrate effective self-management;
• Follow through to ensure that quality and productivity standards of own work and team are consistently and accurately maintained;
• Support and drive the business's core values;
• Respond openly and constructively to feedback (positive and negative);
• Be a vision-led and values-driven leader; and
• Embodiment of the following characteristics:

Risk Optimiser

• Understanding that risk is at the centre of everything in banking
• Developing the appropriate risk appetite
• Managing risk without stifling innovation 
• Being sensible about risk

Client Centric Advocate

• Placing the client at the centre of everything you do
• Being relationship focussed (as opposed to product or mono-line focussed) 
• Collaborating with colleagues across organisational boundaries

Execution Expert

• Having a bias for action
• Focussing efforts on execution and implementation
• Practicing decisive leadership
• Simplifying things

Strategist

• Being a strategic thinker
• Being a strategic translator
• Being a strategic doer 
• Facilitating strategic dialogue

Essential Qualifications - NQF Level

• Advanced Diplomas/National 1st Degrees

Preferred Qualification

• Minimum required qualification: Commercial or related degree; 
• CISA; CRISK; CISM; CISSP (or another relevant IT Qualification)

Essential Certifications

• Certified Information Systems Auditor (CISA) and optional Certified Internal Auditor (CIA)
• Certified Internal Auditor (CIA) or Certified Information Systems Auditor (CISA) or Certified Financial Services Auditor (CFSA)

Minimum Experience Level

The following minimum experience is required:

• 8 – 10 years financial services experience in a senior position;

• Cyber experience in a Banking institute;
• Ability to operate independently; and
• Leadership experience leading teams.

The following additional experience is preferred:

• Significant technical knowledge on Digital (i.e. Network Architecture, Database, Disaster Recovery, IT General Controls, Mainframe, System Configurations, Online Banking and Mobile Apps etc.), and its supporting technologies and processes.