Manager, Operational Risk
Manager, Operational Risk – Information Risk, Technology and Cyber risks and Business Resilience
Database Administrator
Standard Bank is not an abstract legal entity. We are our
people. And our people have a distinct culture – a way of thinking and
behaving.
To help us embody this culture in everything we do, we’ve come
up with six attributes: expertise, opportunity, integrity, collaboration,
performance and growth. These attributes explain what we believe in
collectively. They also guide our behaviour and give us a shared frame of
reference for what matters most to us. Ultimately, these are qualities we want
our business to stand for.
· Job Type: Full Time
· Qualification: BA/BSc/HND
· Experience: 1 – 5 years
· Location: Nairobi
· Job Field: ICT / Computer
Job Details
Risk Management: understanding all risks – from the economic to
the political – that could affect our global business, and offering guidance
to all parts of the bank
Job Purpose
To support the Head of Integrated Operational Risk in the
effective and proactive management of Information Risk, Technology and Cyber
risks and Business Resilience within the Bank aligned to the business strategy,
operating model and Group Risk management policies.
This includes partnership with Business functions, Information Technology, Corporate Functions and Risk stakeholders to ensure that the processes for identifying, measuring, controlling and reporting of Information risk, Technology and cyber risks and Business Resilience are aligned to the Group risk framework.
The provision, management and implementation of Information
Risk, Technology and Cyber risks and Business Resilience management
requirements across the Bank.
Acting as a trusted business partner who equips the business with the mechanisms to identify, mitigate and treat information, technology, cyber and business continuity risks.
Responsibilities
Key Information Risk, Technology and Cyber risks management Responsibilities
· To pro-actively manage information risks/threats to the business in line with the requirements of the Information Security Standard – ISO 27002, Central Bank Prudential requirements and Standard Bank Group information risk objectives.
· Provide information and cyber risk subject matter expertise on the features and capabilities of the bank’s technology platforms and explore creative ways to address these risks based on new needs
· Delivers information risk assessments and guides on the appropriate risk control strategies, whilst aligning information risk strategies with business objectives.
· Manage the development, provisioning and successful execution of a proportionate information risk treatment program (e.g. mitigate, accept, transfer and avoid), as the Bank transforms to digital platforms
· Develop and maintain strong business and centre of excellence relationships, becoming a trusted partner, as well as building relationships with corporate functions such as Internal Audit, Compliance, Information Security, Information Technology, Corporate and Investment Banking, Wealth and Personal and Business Banking.
· Coordinate information and cyber risk self-assessment, risk assessment analysis, rating and provides control recommendations using the established Information Risk Management framework.
· Manage the engagement process of information risk assessments and acts as a liaison with centres of excellence to deliver value to the business
· Advises business personnel regarding the value and methods of safeguarding information.
· Provide a holistic view of the risks through comprehensive reporting to the bank’s information assets introduced by personnel, processes, technology and external events.
· Supports the ongoing knowledge management and formalization of the risks and threats the bank faces and how we choose to manage them through risk management reporting guidance.
· Manages risks to the bank’s information assets and assists businesses by specifying adequacy of control(s) required and validating the effectiveness of controls implemented in conjunction with business risk appetite.
· Manage and track information risk control efforts and escalation to Head, Operational Risk where inadequate mitigation is evident.
· Creates risk metrics and reports for tabling at risk governance committees at required frequencies including but not limited to Risk Management Committee and Board Risk Committee, the right management structures and drive remediation of said risks.
· Effectively communicates with stakeholders to ensure support and commitment for the information risk and cyber security risk management program and to prioritize control initiatives and spending based on appropriate risk management.
· Coordinate incident response planning and investigation of information risk, cyber security and technology related breaches, and where necessary support disciplinary and legal processes arising from such breaches
· Initiate, facilitate and promote activities to create information risk awareness within the organization, including awareness of information risk related regulatory issues that have a potential impact to the environment in alignment with group wide awareness activities.
· Coordinate and serve as a facilitator and liaison between the Head, Integrated Operational Risk, Business lines, Embedded Information Risk and Information Risk Office for the successful remediation of information, technology and cyber risks.
· Establish cooperative dialogue between Business, Embedded Information Risk, Group Financial Crime Control, Information Risk Office and IT Security by visible and consistent action in monthly meetings.
· Promote a fit for purpose approach to adopting information risk best practices within business units.
· Promote compliance to information risk governance standards and policies.
· Manage, and develop business personnel knowledge to ensure better information protection and management across with the assistance of information risk practitioners through awareness, training and workshops.
· Acts as liaison between Business and various Governance, Control & Risk offices within the bank to create and maintain reporting, problem resolution, and other tasks necessary to continuous improvement and evolution of services.
· Provide assurance on the management of relationship with vendors and suppliers to ensure full information risk value of the contracts entered is realised to the Bank.
· Review and provide advice on existing innovation related standards, digital products and rollout of the same as relates to the information risk and technology risk associated with these activities.
· Participate in industry education and networking events, maintain relationships with external community and encourages continuous benchmarking of the Bank information risk, technology risk and cyber risk management against good practices and industry practice
· Proactive identification of key themes / initiatives / products and their potential risks across business unit and advising on improved management and mitigation of risks.
· BCM Capability lifecycle management that includes:
o BCM Governance – Policy Enforcement and Programme Administration
o Business Impact Assessment & Risk Assessment – Analysis
o Business Continuity Strategy – Design
o Business Continuity Planning – Implementation
· Pro-actively manage business continuity risks/threats to the business in line with Central Bank of Kenya Prudential guidelines, Standard Bank Group requirements and requirements of the Business Continuity Standard – ISO 22301.
· Support and assist business entities in defining suitable and cost-effective recovery strategies/plans in accordance with policies, standards and framework best suited to their environment and aligned to the culture, complexity and risk appetite.
· Works with Business Continuity stakeholders/representatives in business to conduct, document and sign off Business Impact Analysis in-line with business resilience standards.
· Assist the business with Business Continuity readiness by conducting Desktop Work-through Exercises with them.
· Create staff education and awareness training to promote BCM awareness and culture using mechanism such as intranet, E-Learning, Emails, Presentations, periodic workshops and Email communications.
· Coordinate the establishment and implementation of work area recovery site plan, document, maintain, rehearse and conduct recovery strategies exercises at WAR sites.
· Ensure third party recovery plans are validated in accordance to our recovery priority agreement.
· Manage and conduct business resilience exercises designed to ensure that all business functions and crisis teams are regularly tested in accordance to their criticality, capabilities and risk profile.
· Ensure BCM and IT DR are aligned with business risk appetite and recovery priorities, documented, tested and reported to create business awareness.
· Manage, train and administers the appropriate BCM tools ensuring they are up to date, functional and fit for purpose
· Promote, manage and implement business continuity program of work ensuring compliance with regulatory requirements.
· Provide monthly dashboard and Program of Work update report.
· Ensuring that the following business documents are up to date and ready for execution to recover their people, business process, technology and facilities in the event of an emergency, crisis or disaster:
o Epidemic and Pandemic plan
o Emergency Management/Site Plan
o Crisis Management Plan (Including One-Pager)
o Business Recovery Plan (including a recovery priority list for both business and IT)
o Elections Readiness Plan
· Working with the Bank’s physical security office, keep abreast with developments worldwide that may impact business, by reading newspapers, internet news sites, TV, radio etc. Action should be taken to report/communicate to staff, on strikes, threats and possible disruption to the business via email, BulkSMS etc. (communication must be signed off by relevant authority).
· Ensure wardens and first aider training is conducted for assigned staff.
· Schedule and conduct call tree exercise in accordance with BCM standards and regulatory requirements.
· Attend BCM related training workshops and provide thought manager-ship on BCM related matters.
· Monitor, promote and maintain an understanding of current/future business continuity trends and threats.
· Coordinate Evacuation Exercise in accordance to BCM standards:
o Coordinate in-line with evacuation checklist (pre, during and post evacuation)
o Coordinate with premises, physical security and OHS teams:
o Briefing and de-briefing sessions
o Compile and distribute internal communications
o Facilitate exemptions process
o Publishing of final report and distribution to all stakeholders
Qualifications
· Undergraduate degree in Information Technology, Computer Science/Engineering
· At least one professional information security qualification: CRISC, CISM, CISA, CISSP or any other technology risk/security related certifications
· Proven experience with ISMS and similar related standards as well as cyber security technologies
· Good report writing, presentation and communication skills.
· 5 years’ work experience
Knowledge/Technical Skills/Expertise
Skills and knowledge
· A relevant tertiary qualification (an operational risk management qualification would be an advantage);
· Working knowledge of transaction processes relevant to products and services offered to customers e.g. within the corporate and investment banking and/or retail banking space;
· Practical knowledge of how to input, access and utilise information from the network/systems to analyse and forecast trends;
· A working knowledge of the banking operating systems and controls.
· Problem solving
o The ability to identify and understand the business needs and strategies and then to interpret and convert these into Information risk and business resilience strategies;
o The need to identify the long term operational needs to support the business effort;
o The job requires the incumbent to be able to handle authority expediently, be orientated towards immediate accomplishments and to be a firm decision-maker;
o Has a practical comprehension of the impact of the service provided and relationship to staff and customer;
o Has a sound recall of processes and previous experience in order to assist with problems raised.
· Planning
o The ability to meet tight deadlines;
o Required to interpret, analyse, evaluate and formulate plans based on information from a number of sources including Information Risk and Business Resilience standards
o Take a short to medium term perspective with regard to business planning;
o Build in the provision for adjustment in planning and ensures plans are practical and in line with business objectives.
· Decision making
o The job requires the incumbent to be able to handle authority expediently, be orientated towards immediate accomplishments and to be a firm decision-maker;
o Consider all the facts, options and possible outcomes prior to making decisions;
o Quick to act upon potential opportunities and take the initiative within limits of authority.
Key Performance Measures
· Embedding of Information Risk, Technology and Cyber risks Framework within Integrated Operational Risk.
· Leadership over Information Risk, Technology and Cyber risks Risk & Control Self Assessments (RCSAs), and follow up of closure of control gaps identified;
· Appropriate Key Risk Indicators documented, tracked and monitored;
· Information Risk and Business Resilience Program of Work undertaken within set timelines, and achieving desired objectives
· Business Continuity Management (BCM) updated and tested and fully compliant to Bank and regulatory requirements as contained in the Central bank Prudential guidelines;
· Satisfactory Information Risk, Technology and Cyber risks and Business Resilience audit reports.
· Satisfied customers as measured by internal feedback surveys.
How to Apply
Database Administrator
· Job Type: Full Time
· Qualification: BA/BSc/HND
· Experience: 5 years
· Location: Nairobi
· Job Field: ICT / Computer
Job Details
Group Information Technology: Systems development, business
analysis, architecture, project management, data warehousing, infrastructure,
maintenance and production.
Job Purpose
To ensure effective and efficient management and support of
Oracle Databases and other Oracle related applications. This also entails
analyzing, documenting and proposing solutions for bank wide business areas and
preparation of both functional and technical database system specifications
(FSS & TSS) documents. Focus on database system optimization through analysis
and development with respect to the database systems in order to ensure that
desired functionality and performance is achieved as required by business. This
role is also charged with designing and development of appropriate solutions as
required by business to advance tactical and strategic initiatives.
Responsibilities
· Proficiency in Oracle versions 10g, 11g and 12c, Oracle Cloud Control and Oracle ASM.
· Strong understanding of Oracle relational databases, data structures, and SQL.
· Responsible for ensuring availability and performance of the production and test databases that support the core banking application.
· Work with the team to ensure that the associated hardware resources are allocated to the databases and to ensure high availability and optimum performance.
· To proactively monitor the database systems to ensure secure services with minimum downtime.
· Responsible for providing trend analysis to the service management team to enable them to make informed decisions regarding resource management.
· Responsible for all Oracle developments that are aimed at ensuring efficient management and use of the databases and ultimately aid all the application initiatives.
· Responsible for problem escalation to third parties as appropriate.
· Responsible for improvement and maintenance of the databases to include rollout and upgrades.
· Responsible for testing of all Oracle database changes including fixes, patches and upgrades in line with the laid down change control policies. Responsible for implementation and release of database changes after thorough and comprehensive tests with sufficient engagement with all stakeholders e.g. application and infrastructure teams.
· Responsible for the management and support of Oracle Data Guard solution with a view of ensuring a consistently efficient backup process which ultimately aids IT efforts of meeting the established Service Level Agreement (SLA) with business.
Qualifications
· Bachelor’s degree in Computer Science or a related discipline.
· Work experience required, 5 years of experience in design and administration of logical and relational databases or systems analysis required.
· Experience in the financial services industry is a plus.
· Oracle Certified Professional
· Business Continuity certification and ITIL will be an advantage
How to Apply