Assistant Manager, Operational Risk (IRM, BCM & Model Risk) at African Export-Import Bank (Afreximbank)

Reference Number: LEEBLR3
Location: Cairo, Egypt

Responsibilities

• Proactively Identify all material operational risks (including, Information Risk, Model Risk and BCM) across the head office, branches and at each business unit level as per the Bank’s approved risk identification methodology, following a top-down approach and taking into account risk causal factors, the likelihood of occurrence, impact, control activities and effectiveness of controls.
• Effectively assess and measure all material operational risks in accordance with the Bank’s adopted Basic Indicator Approach or any other alternative approach as appropriate.
• Ensure the effective management of the Bank’s material operational risks through adequate process controls and ensuring adherence thereto as well as implementing specific action plans to manage the risk causal factors.
• Effectively monitor significant operational risk exposures as well as material losses and escalate the same to the Line Manager for information and/or action. The frequency of monitoring should reflect the nature and magnitude of the risk exposures.
• Review all reports from internal/external audit, rating agencies and other assessing agents and ensure that identified operational risks are monitored and adequately managed.
• Ensure the effective implementation of the Bank’s Operational Risk Management tools (a) Loss/incidents database; (b) Risk register, (b) Risk and Control Self Assessments, (c) Key Risk Indicators, (d) Scenario Analysis, (e) Stress Testing and (f) Minimum Capital Computation for Operational Risk.
• Develop robust key risk indicators to serve as early warning indicators of increased risk, with appropriate risk threshold levels to provide a sound platform for the effective monitoring of operational risk exposures.
• Monitor and track agreed on action plans from the Operational Risk Management tools in VII above and ensure the timely escalation of all breaches and overdue remedial actions to the Line Manager for timely/appropriate action.
• Perform periodic control effectiveness tests for all mission critical (high risk) processes and make recommendations for consideration by the Line Manager.
• Coordinate enterprise wide information risk assessments and provide input into control enhancements for the remediation of identified vulnerabilities in line with the Bank’s information risk management policy.
• Develop annual information risk management plan/programme to guide the risk management across relevant IT areas, processes and infrastructure.
• Support IT risk response and mitigation strategies to ensure that risk factors and events are addressed in a cost-effective manner and in line with business objectives, in conjunction with information technology department /or relevant departments/units/functions and with the approval of Chief Risk Officer.
• Monitoring risk and communicating information on operational risks including (Information Technology, Model and Business Continuity Management risks) to the relevant stakeholders to ensure the continued effectiveness of the enterprise risk management strategy.
• Develop appropriate information risk reports in line with the requirements in the Enterprise Risk Management (ERM) framework, including maintaining and monitoring an IT risk profile dashboard
• Under take back testing and control checks across business departments/business unit in the Bank as part of measures to institute a stable as well as healthy risk and control environment.
• Support the Line Manager in the detection, prevention, deterrence, control, monitoring, investigation, reporting and escalation of operational risks across the Bank. Also support root cause analysis as well as carry out independent assessments with regard to material operational risk incidents.
• Provide operational risk oversight for key projects /initiatives i.e. undertake project risk assessments, documentation of material operational risk issues and follow through on implementation of identified action plans.
• Monitor, track and follow up on all long overdue action plans (internal, external, rating agencies) and ensure timely closure or the presence of effective interim controls and an acceptable residual risk profile.
• Provide oversight to ensure ongoing maintenance of IT Security Policies and Standards including alignment with industry leading practice and standards such as; COBIT 5, ISO/IEC 27001 (Information Security), ISO 22301 (Business Continuity Management) etc.
• The role will provide support for the end to end validation, oversight, and reporting on Business Continuity Management (BCM). Specifically, monitor trends and adopt a systematic approach including tools for early identification and reporting on emerging risks.
• Provide oversight and undertake independent validation of models used in the Bank; report periodically on material risks identified and follow through on relevant stakeholders to ensure management actions are implemented to address identified vulnerabilities.
• Support the manager in the implementation of relevant training interventions aimed at creating and sustaining risk management awareness culture across the Bank.
• Attend Bank meetings both internal and external from time to time as may be requested by the Line Manager.
• Undertake all such other roles and responsibilities as may be assigned by the Chief Risk Officer and/or Line Manager from time to time.

Requirements, Qualification and Skill

• Bachelor's degree in Computer Science, Business Administration, Banking or Finance from a recognized University plus a relevant post graduate degree;
• A professional qualification in information security, IT Audit, certification in risk management, Business Continuity Management (BCM) and Model Risk will be and added advantage;
• Experience of not less than five years with a leading Banking organization in Information Risk, IT Security or Operational Risk Management;
• Strong operational risk experience within financial services/industry (retail, commercial and corporate and investment banking) with working knowledge of banking systems, procedures and controls.
• Applied knowledge of Operational Risk Management tools is critical (e.g. Risk Register, RCSAs, KRIs, Escalation Matrix, Stress Testing, Scenario Analysis, etc.);
• Good experience in Information Security/Risk Management in technology environment: Practical knowledge of identity and access management, privileged access management, generic ID management, threat intelligence, vulnerability management, secure coding practices, cyber security assessment, data security and encryption, phishing, forensics, mobile security, etc.;
• Possess relevant skills and good experience in fraud investigation and model risk management;
• Good experience in the implementation of Business Continuity Management practices;
• Business product knowledge, including an understanding of financial processes to be able to determine their impact on risk and control;
• Proficiency in Microsoft Office programs including Word, PowerPoint, Excel, Outlook and other risk management system skills;
• Strong analytical and statistical skills. Ability to work independently with minimal supervision but collaborate with multiple team members;
• Ability to communicate and function in a culturally diverse and change-oriented setting with good knowledge of risk practices in Africa;
• Excellent oral and written communication skills in English. Knowledge of the Bank's other working languages is an added advantage (French, Arabic, and Portuguese);

Contractual information

• Permanent
• Willing and able to relocate to Cairo
• Suitably qualified candidates from all African nationalities are encouraged to apply