Head, Information Risk at Stanbic IBTC

Job ID: 30349
Location: Lagos Island
Job Sector: Governance

Job Details

• Risk Management: understanding all risks - from the economic to the political - that could affect our global business, and offering guidance to all parts of the bank.

Job Purpose

• To provide, manage and implement Information Risk Policy in a financial/banking business environment.
• To act as a trusted and thought-leadership expert in Information risk management that equips business with the mechanisms to identify, mitigate and treat information risks in the institution

Key Responsibilities/Accountabilities
Manage Information Risk:

• To pro-actively manage information risks/threats to the business.
• Manage the development, provisioning and successful execution of a proportionate information risk treatment programme (e.g. mitigate, accept, transfer and avoid).
• Develops and maintains strong business and centres of excellence relationships, becoming a trusted partner, as well as building relationships with corporate functions such as Group Internal Audit, Group Compliance, Business Information Risk and Group Information Technology.
• Delivers information risk assessments and guides business managers on the appropriate risk control strategies, whilst aligning information risk strategies with business objectives.
• Coordinate information risk self-assessment, risk assessment, analysis, rating and provides control recommendations using the established Information Risk Management framework.
• Initiates, facilitates, and promote activities to create information risk awareness within the organization, including awareness of information risk related regulatory issues that have a potential impact to the environment in alignment with group wide awareness activities.
• Coordinates and serve as a facilitator and liaison between the Business lines, Embedded Information Risk and the Group Information Risk Office for the successful remediation of information risks.
• Manages the engagement process of information risk assessments and acts as a liaison with centres of excellence to deliver value to the business
• Advices business personnel regarding the value and methods of safeguarding information.
• Establish cooperative dialogue between Business, Embedded Information Risk, Group Financial Crime Control, Group Information Risk Office and IT Security by visible and consistent action in monthly meetings.
• Reviews the ability of the business to execute against group-wide risk and control mandates.
• Promote a fit for purpose approach to adopting information risk best practices in the Business lines.
• Promote self-compliance to information risk governance standards, policies and standards by closely monitoring and engaging countries on agreed POW.
• Manage, and develop business personnel knowledge to ensure better information protection and management across with the assistance of information risk practitioners through awareness, training and workshops.
• Acts as liaison between Business and various Governance, Control & Risk offices within the bank to create and maintain reporting, problem resolution, and other tasks necessary to continuous improvement and evolution of services.

Internal & External Relationships
PBB - Business risk assessment/analysis:

• Nature of relationship: Provide a service to them
• Sphere of influence: Impact the whole business line (PBB, IB or EF)
• Description or examples: Working relationship with PBB Management

CIB - Business risk assessment/analysis:

• Nature of relationship: Provide a service to them
• Sphere of influence: Impact the whole business line (PBB, IB or EF)
• Description or examples: Working relationship with CIB Management across the bank.

Corporate Functions - Business risk assessment/analysis:

• Nature of relationship: Provide a service to them
• Sphere of influence: Impact the whole business line (PBB, IB or EF)
• Description or examples: Working relationship with Corporate Functions Management

Industry - Influence industry norms:

• Description or examples: Through fora such as Risk Managers Associations of Nigeria, Institute of Operational Risk, etc

Preferred Qualifications and Experience
Qualifications:

• Bachelor's Degree in Sciences, Information Technology, Engineering, Commerce or Business Administration
• Relevant IT certifications. will be an added advantage

Experience:

• Risk Management - Operational Risk Management: 5 - 7 years Risk and Technology experience in a large global corporate environment Good understand of all aspects of Operational Risk Management High degree of understanding of all aspects of risk within a technology environment
• Business Support - Operations: 5-7 Years Good understanding of the Operations function and business processes relating to Wholesale and Retail banking transactions. This includes Procurement and Facilities Management.

Knowledge/Technical Skills/Expertise
Evaluation of Internal Controls:

• Competency Description: The ability to analyse process controls for effectiveness from a design and implementation perspective

Remedial Action Development:

• Competency Description: The ability to develop control improvements required to mitigate the risks or control failures identified during internal audit reviews.

Risk Acceptance:

• Competency Description: The ability to facilitate a formal acceptance process of reviewing and accepting residual risk, depending on the outcomes of risk identification and measurement.

Risk Response Strategy:

• Competency Description: The ability to facilitate the creation and adoption of an appropriate risk response strategy and to assign ownership for the risk response.

Evaluating Risk Management Effectiveness:

• Competency Description: The ability to determine if risk management and control measures are achieving the desired results and mitigating risks at the expected level.

Technology Orientation:

• Competency Description: The understanding of broad areas that form technology landscape and how they complement each other in for specific IT solutions or decisions. This would comprise of, but not limited to, the following: BI, CRM, ERP, Database, Open Source, Web 2.0.