Head, Information Risk Management at Standard Bank Group

Job Description

• Responsible for establishing and maintaining a comprehensive, system-wide information security program, across Africa Regions, to ensure that information assets are adequately protected from the threat of Cyber and Information Risk, in alignment with Group Information Risk Management strategy and framework.
• Lead, develop and provision successful execution of the Africa Regions tailored Information Risk Management Strategy, which is aligned to the PBB Africa Regions Strategy, Operational Risk Africa Regions Strategy and the Group Information Risk Management Strategy. In addition, ensure alignment of Information Risk Management Strategies with the relevant laws and regulatory requirements across the Africa Regions geographies (which drive the need for information related compliance).
• Collaborate with Group Information Risk Management in the development of a global approach of adopting Information Risk Management best practices through leadership of and effective partnership with all stakeholders in country, PBB Africa Regions Head Office and Group Operational Risk.

Qualifications

• Degree in Risk or Business commerce or Information Studies 
• Information risk and security management: CISM,
• Postgrad degree or similar                                
• Information Security and /or Information Risk Certifications (CISSP, CISA, CISM, CRISC or equivalent), Risk Management or Audit.

Experience Required

Information Risk Management

Risk & Corporate Affairs

• 10 years in Risk management. This function is accountable for defending information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. It covers IT security - the responsibility for keeping the technology in the Group secure from malicious cyber-attacks and unauthorised access to critical or private information. It also covers information assurance - ensuring data is safe and retrievable when critical systems issues arise
• Practical knowledge of risk and control frameworks and application in financial services industry. Be fully conversant in risk appetite, risk response and process improvement concepts. Understand both information risk and financial reporting risk characteristics.
• Accountable for the classification, monitoring and storage of the bank's data. It maintains capabilities related to data warehousing, database administration, analytics, business intelligence and operational reporting.