Manager, Non - Financial Risk ( North West ) at Standard Bank Group

JOB DESCRIPTION

• To provide pro-active management and operational support enabling the implementation of the Non-Financial Risk (NFR) management strategy across the Business and Commercial Clients (BCC) business units and/or Consumer High Nett Worth (CHNW) business units considering the relevant 16 risk types, and risk management processes to identify and mitigate NFRs.
• This role supports Business Clients for North West Province. 

QUALIFICATIONS

• Degree and/or Post Graduate Degree - Business Commerce, Risk Management
• Certifications such as Certified Public Accountant (CPA), Certified Financial Accountant (CFA), Associated Charted Accountant (ACA), Certified Information Systems Auditor (CISA), or Institute of Internal Auditors (IIA), would be a distinct advantage.

Experience:

• 3-4 years of practical knowledge and experience under Information Risk which would include an understanding of the Standard Bank South Africa (SBSA) Information Risk Framework and Data Privacy Standard or Industry exposure to similar standards such as the Information Security Forum (ISF) Standard of Good Practice and Protection of Personal Information Act (POPIA).
• 5-7 years of practical knowledge of risk, control frameworks, assurance & applications in financial services industry. Fully conversant in risk appetite, risk response & process improvement concepts. Understand both non-financial risk and financial reporting risk characteristics.
• Experience within Business Banking is essential.

ADDITIONAL INFORMATION

Risk, Regulatory, Prudential & Compliance

• Report critical, material third-party engagements, challenges, or trends to the TPRM team as well as relevant risk governance forums such as Risk Control Committees (RCC) and determine the level of assurance required related to the third-party engagement by consulting with risk type owners, where required.
• Understand and implement the application of Payment Card Industry Data and Security Standards (PCI DSS) by following principles and associated criteria to determine the status of business units to prevent, mitigate or escalate risks where required.
• Stay abreast of all regulatory and compliance changes through sufficient engagements and collaborations with key stakeholders (IT Security, Data Governance, Logical Access Management (LAM), Payment Card Industry (PCI) Compliance and Data Privacy.
• Implement proactive actions around the management of prevailing, emerging and top Non-Financial Risk (NFR) exposures with urgency.
• Provide oversight and guidance to the business stakeholders during the third-party life cycle by challenging the mitigation in place if not aligned to the risk appetite, assessing the adequacy of control measures in managing the level of risks associated with third party engagements and by monitoring the overall third-party process to make sure it complies with the Third-Party Risk Management (TPRM) Framework.
• Provide guidance to business in regards with Information risk by identifying key information assets, risk events, causes and assist with the risk treatment to ensure that all significant information risk and control weaknesses are mitigated and if material reported.

Strategy

• Partner with business leadership through active participation in Business Risk Control Committees (BRCCs) and other strategic forums to translate NFR into business specific resilience capabilities.
• Optimise the Risk Market Place (RMP) functionality to unleash the full value-adding capability of Risk as a Service (RaaS) to the Group.

Data

• Implement data-led Non-Financial Risk (NFR) decisions and interventions in the lines of business.
• Facilitate the documenting of root cause analysis of any major/significant information risk related incidents, in alignment with the integrated operational risk to initiate prevention.