Senior Manager Controls & Security

Job Description

Job Purpose:

Accountable for reducing to a minimum the required Capital Allocation Risk for all function units under CIOO, which include but are not limited to Technology, Banking Operations Risk, Change, Projects, business interface, innovation, etc.

Responsible for ensuring that Operational Risk policies, standards, processes and procedures are embedded within the CIOO department.

Responsible for coordinating the improvement of the control environment so as to reduce operational risk exposure.

Responsible for ensuring that the CIOO area considers and implements relevant regulatory standards and policies to remain compliant at all times.

Responsible for ensuring that the CIOO area is proactive in addressing risk, audit and examination commitments. 

Key Responsibilities:

  • In line with Enterprise Risk Management (ERM) framework, develop a control framework for each of the key functions under the CIOO area.
  • After the approval of the Control framework, develop an implementation and embedment plan, execute and deliver the plan within the agreed timeframe
  • In line with best practice and international frameworks related to data, information security and overall systems security, develop an enterprise-wide Security Strategy to ensure protection of company data and information, with focus on confidentiality, integrity and availability of both data and systems.
  • Develop an implementation and embedment plan for the security framework, and execute the plan within the agreed timeline
  • Maintain the Risk and controls policy frameworks within the CIOO area and ensure they are updated on an annual basis
  • Define an implementation plan for the Operational risk policy by translating policy statements and concepts into actionable requirements and assigning roles and responsibilities amongst staff
  • Engage staff in Risk policy implementation by communicating expectations, providing coaching and support
  • Monitor compliance to Operational Risk policy requirements and advise management of any gaps by conducting periodic reviews
  • Coordinate the closure of policy gaps by engaging management to define, agree and monitor progress
  • Ensure the effective quantification of all risks under CIOO area by maintaining a framework for financial quantification and applying it across Risk incident reporting
  • Ensure the effective communication of CIOO Risk profile to all NMB risk forums by preparing the relevant reports as per NMB standards
  • Review and ensure necessary security, availability and change management controls are built into all projects; review all systems-related projects before implementation to verify that all necessary standards controls are in place
  • Responsible for Control Issues (CI) projects at management Function level (CI).
  • Identify and assess operational risks and Controls through the use of NMB defined standard frameworks and Industry standard frameworks.
  • Collaborate with other Business Units in identifying and assessing operational risk for new products and services through the New Product Approval (PAC) process on request
  • Coordinate risk assessments by engaging function risk and control owners on risk control assessment and ensuring that data is updated to relevant risk management systems; some products cut across multiple areas, i.e. infrastructure, apps, services, etc.
  • Reduce risk exposure by identifying and/or validating control improvement plans as well as opportunities for risk transfer and avoidance
  • Coordinate the implementation of control improvement plans by preparing progress updates, highlighting deviations and escalating “at risk” implementations to management
  • Coordinate the implementation of Control related projects by “unpacking” milestones into specific actions, preparing progress reports, highlighting deviations and escalating “at risk” implementation to management
  • Do pre-planning for Audits by identifying potential risk areas and processes and coordinating risk control assessment development
  • Perform Assurance on Audit/Examination issues pending Issues assurance and identify any embedment weaknesses and/or implementation gaps by applying appropriate assurance frameworks.
  • Establish relevant and implementable action plans for pre-audit/audit/examination/pre-issues assurance remediation through applying appropriate industry best practice frameworks (e.g. ITIL, COBIT, PCI) and engaging with Risk/Control owners.
  • Coordinate audit remediation action plans implementation by preparing progress updates, highlighting deviations and escalating “at risk” implementations to management
  • Ensure that management and control self-assessments are carried out by implementing a monitoring mechanism, coaching and supporting line management and escalating exceptions.
  • Verify the quality of risk controls assessments, management and control self-assessments by conducting spot checks on control execution as per defined schedule and reporting template
  • Establish industry, regulatory and external issues which impact operational risk by engaging with relevant business units, regulators and Industry bodies (e.g. PCI) and keeping up to date with their requirements
  • Ensure that the CIOO functions are aware of requirements by communicating the relevance and impact of regulatory and external issues
  • Ensure that compliance risk is managed by maintaining a compliance tracker and preparing action plans for exceptions in conjunction with management
  • Coordinate the implementation of compliance plans by preparing progress updates, highlighting deviations
  • Provide strategic direction for operational risk and controls in the CIOO area and ensure alignment with and support of the bank-wide strategy
  • Ensure the development of a high-performing team through embedding formal Performance appraisal and informal coaching… Manage team on how to conduct meaningful Performance appraisal discussions with their direct reports and ensure that they conduct the process effectively
  • Determine and analyze training and development needs for people in your area, and ensure that identified training is budgeted for and executed
  • Establish and maintain a succession plan for the key roles in the area
  • With the support from the HR Business Partner, interview and recruit new members and provide support to them during the recruitment of their teams on request
  • Ensure that all poor performance is addressed through the NMB Performance guidelines and that continued poor performance is adequately dealt with.
  • Develop appropriate Employee Opinion Survey action items together with the management team of the business unit and ensure that items are executed
  • Motivate employees in the department and ensure that their efforts are recognized
  • Act as second level escalation point for all grievances raised in the unit

Requirements:

  • Project management
  • Process/Operations design and management
  • People management
  • Risk management
  • Report writing
  • Presentation skills
  • Systems implementation
  • Systems architecture and design
  • Systems administration
  • Back up/Recovery and Systems continuity
  • Understanding of financial sector operational risk management
  • 6 years’ experience in audit/security/controls Industry, preferably 7 years’ experience in the Risk/Controls/IT/Operations Industry with exposure to the banking sector
  • Experience in operational Risk management and Assurance
  • Experience in operations, process and controls design and IT Governance
  • Demonstrated ability to communicate complex issues and concepts in a simple manner
  • Demonstrated ability and experience to develop and defend technical recommendations and budgetary plans
  • Demonstrated experience working in a deadline-oriented environment managing multiple projects simultaneously
  • Demonstrated experience and ability to work effectively in a dynamic, collaborative and fast-paced atmosphere
  • Graduate – Information Systems/Computer science/Computer engineering/CISA, preferably Post-graduate – Information Systems/Computer science/Computer engineering/MBA 

Please note, interviews for this position will take place at our Careers in Africa Recruitment Summit in London, 16-18th of May 2014. Relevant candidates will be contacted and invited to attend the event.