E-business Risk Analyst at Stanbic IBTC

Position Description

Job purpose
The E business, risk analyst role is part of an integrated group wide organization dedicated to bring the organization’s information risks under explicit management control in order to prevent significant reputational, financial or other loss to Stanbic IBTC and its clients. This is being achieved through the efficient and effective application of risk and information systems business (electronic business) expertise to identify risk areas within existing and proposed solutions. The role performs the following activities:
• Review effectiveness of control implementation of Key Controls and Business Specific Control
• Support Business lines, e-business, Operational Risk and the SBG Information Risk Office for the successful treatment of risks across all information system platforms.

Key responsibilities
Review effectiveness of control implementation of Key Controls and Business Specific Control
• Highlight effectiveness of risk identification and implementation of key and business specific controls
• Monitor external and internal compliance requirements on all payments and collection platforms as well as other related systems
• Assessment of the control environment with specific reference to high risks identified and key controls implemented by 3rd parties.
• Recommendations on process and control gaps.
• Tracking and monitoring of control gaps and action plans.
• Provide Information Risk specific content to business partners and IR stakeholders
• Provide insight to the dynamic threat landscape across relevant e-business (i.e. payments and collection) platforms positioning the banks’ risk posture against these trends
• Analyse, correlate and reconstruct events where business operations related risk incidents have occurred within the Bank, determining the root cause, and proposing alternatives to prevent recurrence.
• Define the necessary procedures to drive information risk management on major business initiatives / projects, providing control advice and measuring control effectiveness and efficiency.
• Awareness of Technology and electronic business risk threat landscape as it relates to the Bank
• Identify trends and mitigation approaches to business challenges in business operations.
• Advise on information system risks and threat trends to new business opportunities in the e-business world.
• Provide a holistic view of the risks to the bank’s e-business platforms introduced by personnel, processes, technology and external events.
Support Business lines, e-business, Operational Risk and the SBG Information Risk Office for the successful treatment of risks across all information system platforms.
• Support the ongoing knowledge management and formalization of what risks and threats the group faces and how they are being addressed.
• Support incident response planning and investigation of customer data breaches, and assist with disciplinary and legal matters associated with such breaches as necessary.
• Initiate, facilitate, and promote activities to create risk awareness within the organization, including awareness of information risk related regulatory issues that have a potential impact to the environment in alignment with group wide awareness activities.
• Support the engagement process of risk assessments and acts as a liaison with business lines to deliver value to the business.
• Establish cooperative dialogue between Operational Risk, e-business, Financial Crime Control, and IT Security by visible and consistent action.
• Promote self-compliance to information risk governance standards, policies and standards.
• Develop business personnel knowledge to ensure better information protection and management
• Support relationship with vendors and suppliers to ensure full value of contracts is realised.
• Promote a continuous awareness of information risk value to ensure timely engagement by business managers.