IT Risk & Continuity Management Head at Zambia National Commercial Bank PLC

Zambia National Commercial Bank Plc (Zanaco) is inviting applications from suitably qualified and experienced individuals for the following job aimed at contributing to the Bank’s strategic vision, in the Risk & Compliance Division under the Integrated Risk Management Department at Head Office:-

IT Risk & Continuity Management Head

JOB PURPOSE

The mandate of the IT Risk & Continuity Management Head is to ensure that effective enterprise Information Technology (IT) Risk Management governance and the Business Continuity Management (BCM) framework are consistent with general regulatory requirements and that industry best practices/standards are developed, maintained and adhered to across Zanaco. The role is responsible for coordinating and spearheading IT risk management activities as well as evaluating overall IT risk. This role also ensures that a BCM framework is developed, maintained, and adhered to across the Enterprise.

Under the supervision of the Head Integrated Risk Management, the following are among the Job Key Responsibilities:-

• Assisting the Head Integrated Risk Management (IRM) in setting IT risk strategic direction and implementing enterprise wide IT risk for business divisions within the Bank.
• Assisting with the ongoing development and implementation of IT risk policies and procedures.
• Maintaining the Bank’s IT risk profile, including an IT Risk Appetite Statement that includes tolerance and risk appetite levels.
• Facilitating the identification, assessment and evaluation of IT risk to enable the execution of the enterprise risk management strategy.
• Identifying potential threats and vulnerabilities for business processes, associated data and supporting capabilities to assist in the evaluation of enterprise IT risk.
• Facilitating the creation and maintenance of risk registers to ensure that all identified risk factors are accounted for.
• Implementing a process to establish line of business accountability.
• Managing the risk mitigation, escalation and reporting processes.
• Developing a risk awareness programme and conducting training to ensure that stakeholders understand risk and contribute to the risk management process and to promote a risk-aware culture.

• Reviewing and monitoring business units’ application of risk responses and mitigation strategies.
• Monitoring risk and communicating information to the relevant stakeholders to ensure the continued effectiveness of the enterprise’s risk management strategy.
• Collecting and validating data that measure key risk indicators (KRIs) to monitor and communicate their status to relevant stakeholders to assist in their decision-making process.
• Facilitating independent risk assessments and risk management process reviews to ensure they are performed efficiently and effectively.
• Identifying and reporting on risk, to initiate corrective action and meet business and requirements.

• Monitoring information systems controls to ensure the IT function processes are effective and efficient.
• Planning, supervising and conducting tests to confirm continuous efficiency and effectiveness of information systems controls.
• Collecting information and reviewing documentation to identify information systems control deficiencies and determining the approach to correct deficiencies.
• Reviewing information systems, policies, standards and procedures to verify that they address the organisation’s internal and external requirements.
• Evaluating the current state of information systems processes to identify the gaps between current and targeted process.
• Providing information systems control status reporting to relevant stakeholders to enable informed decision making.

• Serving as liaison to auditors and consultants regarding documentation and review of IT risk.
• Communicating audit and review results to appropriate parties and ensure that issues are addressed and corrective actions are implemented.
• Keeping a tracking action list of all audit issues relating to IT risk.
• Participating in IT projects and initiatives to bring pro-active risk management focus into solutions.

• Effectively working with senior management and other BCM governance structures in all lines of business to coordinate business continuity governance activities.
• Contributing to the development and maintenance of the enterprise-wide business continuity management programme including development of tools and instructional guides for the business.
• Continuity planning and event management, development and facilitation of enterprise wide event exercises, development of corporate policy, standards, and guidelines.
• Contributing to establishing and maintaining programme processes and practices, which effectively ensure that the enterprise programme remains current, incorporates/aligns with industry standards and practices as appropriate, and adequately covers general regulatory requirements.
• Supporting and/or leading processes that support BCM Control Self-Assessment (CSA) governance requirements as part of the enterprise operational risk framework (as assigned).
• Provides guidance and direction to an assigned clientele (Divisional functions, Branches and various services to ensure their business continuity management processes are in accordance with the Bank’s enterprise wide business continuity management programme and quality standards.
• Ensuring appropriate integration of requirements and information obtained from various sources including external regulators.
• Participating as independent business continuity professional in support of various other initiatives to achieve the risk management objectives of ERM.
• Keeping abreast of industry best practices and trends.

• Reviewing the IT Disaster Recovery Plans.
• Monitoring the regular testing of the plan and the monitor of updates for major changes. in hardware, applications and business requirements accordingly.
• Monitoring the testing and reporting of data backup restorations

INTERNAL/EXTERNAL CONTACT

• External: Regulators and external auditors
• Internal: All Divisions.

QUALIFICATIONS AND EXPERIENCE

• Minimum: Degree in Information Technology/Computer Science
• Expected: Industry certification in one or more of the following: CISA, BCI, PMI, CA, CRISC, CCSP, ITIL, CISM, CISSP etc.
• Preferred in addition to the above: MBA or CA with operational experience preferred.
• 7 years breadth of exposure to operations, production and technology environment and/or various operational environments within the financial services industry and/or Business Continuity Management industry.
• Experience in information technology, information technology risk, information security or information technology audit related functions
• Reasonable depth of exposure/understanding of Business Continuity Management processes and best practices – international BCM standards promoted by BCI, DRI and ISO.
• In-depth understanding of IT risk governance, IT risk management best practices and protocols.
• A strong understanding of Operational risk and resilience, Business Process improvement methods as well as risk related control frameworks and practices (COSO, ISO, ITIL, COBIT, etc.).
• Solid knowledge of IT and Operations Audit methodology is an advantage.
• Solid understanding of the Operational Risk Management methodology.

   

JOB CORE COMPETENCIES

• Strong organisational skills.
• Excellent communication skills, especially related to facilitation, documentation and reporting.
• Highly developed relationship management skills
• Influencing and leadership skills.

.