IT and Cyber Risk Assurance Specialist at Absa Bank Limited

Empowering Africa’s tomorrow, together…one story at a time.

Job Summary

Job Description

Knowledge requirements:

• Understanding of IT, cyber risks and technology governance.

• Understanding of artificial intelligence (AI) and machine learning concepts, including associated risks, governance frameworks

• Knowledge of project governance, project lifecycle risks, and delivery assurance.

• Understanding of data analysis techniques and assurance use cases for analytics.

• Familiarity with combined assurance principles and stakeholder coordination including a general understanding of governance, risk management, and internal control principles and knowledge of assurance methodologies and risk-based review approaches.

Key Responsibilities

Risk Assurance planning and execution

• Support the development and execution of the annual Risk Assurance Plan in alignment with key enterprise risks, regulatory requirements, and business priorities.

• Support and where required conduct / lead assurance reviews to assess the design and operating effectiveness of key controls - with a keen focus on IT, Cyber, Data and records management, change and project risk.

• Support and where required conduct / lead risk-based assessments across business, operational, technology, and project environments.

• Document walkthroughs, control assessments, testing procedures, findings, and conclusions in line with assurance methodology.

• Prepare clear and concise assurance reports, including identified issues, root causes, risk implications, and practical recommendations.

• Track management actions and validate closure of agreed remediation activities.

• Contribute to combined assurance activities through coordination with business, risk, compliance, internal audit, and other assurance providers.

IT/ Technology Risk Assurance

• Assess the adequacy and effectiveness of IT control frameworks, standards, policies, and procedures.

• Review system implementations, application controls, interfaces, and automated controls where relevant.

• Evaluate technology-related risks arising from digital transformation, cloud adoption, outsourced technology services, and system changes.

• Support assurance of compliance with relevant internal policies, governance frameworks, and regulatory expectations impacting technology and information risk.

• Engage with IT, security, and business stakeholders to understand system environments and control frameworks.

• Perform assurance reviews over IT general controls and key technology risk areas, including:

• User access management

• Privileged access management

• Change management

• Incident and problem management

• Backup and recovery

• IT operations

• System development lifecycle controls

• Third-party/vendor technology risk controls

• Cybersecurity governance and selected security controls

• Data governance and information security controls

Project assurance

• Provide independent assurance over strategic and operational projects to assess whether risks are being appropriately identified, managed, and reported.

• Evaluate project governance structures, steering arrangements, and decision-making processes. Review project management controls, including:

• Scope management

• Budget and cost control

• Timelines and milestone tracking

• Risk, issue, and dependency management

• Change control

• Benefits realisation

• Quality assurance

• Stakeholder management

• Assess whether projects comply with internal project management methodologies, risk requirements, and governance standards.

• Identify early warning indicators and emerging risks that may impact project delivery.

• Provide timely assurance insights to project sponsors, management, and governance forums.

Data analytics and assurance insights

• Champion the rolling out and embedment of the data analysis and analytics within the Risk Assurance methodology

• Use data analytics to enhance risk assessments, assurance planning, control testing, and issue identification.

• Analyse large datasets to identify trends, anomalies, control failures, and areas requiring further review.

• Develop and apply analytics-based assurance procedures for continuous monitoring and targeted assurance reviews.

• Prepare dashboards, reports, and visualisations to support management insight and assurance reporting.

• Perform data validation, reconciliation, and quality checks to improve the reliability of assurance outcomes.

• Collaborate with business and technology teams to obtain, interpret, and analyse relevant data sources.

• Support the continuous improvement of assurance methodologies through the increased use of analytics and automation.

Stakeholder engagement and reporting

• Build effective working relationships with business stakeholders, heads of risk, IT teams, project teams, and control owners.

• Facilitate discussions to validate findings, understand root causes, and agree practical remediation actions.

• Present assurance findings and insights to management in a professional, factual, and solutions-oriented manner.

• Provide input into governance forums, risk committees, and combined assurance discussions where required.

• Support the preparation of management reports, status updates, and thematic assurance insights.

Risk Assurance methodology, quality and continuous improvement

• Ensure all assurance work is performed in accordance with approved methodologies, standards, and quality requirements.

• Maintain complete, accurate, and auditable workpapers.

• Identify opportunities to improve assurance processes, templates, frameworks, and reporting.

• Keep abreast of emerging risks, industry developments, and leading practices in assurance, IT risk, project governance, and analytics.

• Support ad hoc reviews, investigations, thematic reviews, and special assurance assignments as required.

Qualifications and experience:

• Minimum of 5 years working experience in risk management and or internal auditing

• Minimum qualification: Bachelor’s degree in information systems/ cyber risk/ Project management or related

• Certifications: CISA (Certified Information Systems Auditor),CRISC, PMP or Prince 2 will be advantageous

• Experience: Demonstrated proficiency

• within financial services, insurance, banking, or a regulated environment would be advantageous.
  • IT control reviews / IT audit
  • Project assurance or project governance reviews
  • Risk-based assurance planning and execution
  • Data analytics, data interpretation, and reporting

Technical skills

• IT general controls review

• Project assurance and governance assessment

• Data analysis and interpretation

• Microsoft Excel (advanced), Power BI / data visualisation tools

• SQL and/or other analytics tools (advantageous)

Education

Bachelor Honours Degree: Information Technology (Required), Bachelor Honours Degree: Internal auditing

Absa Bank Limited is an equal opportunity, affirmative action employer. In compliance with the Employment Equity Act 55 of 1998, preference will be given to suitable candidates from designated groups whose appointments will contribute towards achievement of equitable demographic representation of our workforce profile and add to the diversity of the Bank.

Absa Bank Limited reserves the right not to make an appointment to the post as advertised