Job Summary

Be a trusted risk advisor that:
 Provide management with independent and objective end-to-end Operational and Resilience risk oversight in line with the Enterprise Risk Management Framework (ERMF) and Operational and Resilience Risk Framework (ORRMF).
 Understand business processes, model, key drivers, and risk.
 Identify risk using data, dashboards, and metrics. Analyse risk information and provide advice and recommendations on emerging risks, trends, and early detection of control failures. Set trigger benchmarks and actions and monitor improvements through DDM.
 Develop and promote a risk-smart workforce and environment thus ensuring that Business has the capacity and tools to be innovative while recognizing and respecting the need to be prudent in protecting the Bank and its customers’ interest.
 Support an effective risk culture, where there is an open, proactive, and constructive dialogue relating to Operational and Resilience Risks.
 Inform risk profiles and ensure operational and resilience risks are managed in line with approved risk appetite.
 Enable management to monitor the effectiveness of the control and governance environment and to take action to remediate and further mitigate operational and resilience risks where required.

Job Description

Main accountabilities and approximate time split

Leadership and Stakeholder Management Accountabilities

• Implement and maintain an effective Operational and Resilience risk management unit.
• Provide strong leadership, direction and display role model behaviours, inspiring others to work together to achieve the strategic vision.
• Build effective working relationships with key stakeholders and information flows across the Business, Centre Risk function and the various Countries.
• Assist the business on execution of strategy by providing advice on risk/control and challenge decisions that pose risk.
• Advise leadership on emerging global financial services operational risks / trends and facilitate proactive change ahead of threat materializing.
• Provide input into key 1st Line of Defense (1st LoD) governance and control Performance Development (PD) Plans and participate in year-end feedback process.
• Input into compensation structures, objectives, and performance management of employees where appropriate.
• Lead the organisation to improve risk management through digitization, automation, standardization and simplification.

Operational Risk Strategy

• Contribute to the development of the Country Risk Management strategy and AGL  Operational Risk Strategy.
• Ensure that the Country Operational Risk appetite is appropriate for the execution of the strategy.
• Set and recommend business level Operational Risk Appetite – monitor that business performance remains within appetite.
• Challenge completeness, relevance and management of risks associated with the execution of the Country strategy.

Operational Risk Framework, Policies and Standards Oversight

• Providing clear direction on the Operational Risk role, strategic plan, and key focus areas.
• Provide relevant coaching, guidance and training on the implementation and maintenance of the Operational Risk framework components (including Critical Process Assessments (CPAs), Key Indicators (KIs), Events, Strategic Risk Assessments, and Key Risk Scenarios etc.) and capital drivers.
• Assess the level of compliance for the relevant risk frameworks and policies.
• Manage / facilitate the Country Operational & Conduct Risk Committee and Combined Assurance Forum, in conjunction with the Country CRO.
• Remain abreast of the Operational Risk framework, policies, standards, procedures, and relevant legislation/regulations.
• Provide assurance that the Operational Risk Framework and Standards are implemented through Conformance Reviews where required and as directed by the Combined Assurance Forum.
• Maintain and promote network of Lessons Learned (including Root Cause Analysis) sharing across businesses and geographies. Educate business and facilitate appropriate proactive remediation of identified vulnerabilities.

Operational Risk Management Oversight

• Make Risk decisions within mandates delegated by the CRO and escalate risk decisions outside of discretion to the CRO. (Any individual or function which acts to restrict these powers must be escalated to the CRO.)
• Perform independent review and challenge of business /function performance and risk profile.
• Assess, challenge, and monitor the current and forward-looking Operational Risk exposure (financial and non-financial) i.e. considering all framework elements, strategic planning, business expansions/contractions and other major change programmes, including New and Amended Product Approval (NAPA).
• Support the scoping and definition of related Operational Risk deliverables and plans, ensuring that these are aligned to the central Operational Risk calendar.
• Assess the relevance and performance of the Operational Risk indicators and thresholds.
• Review the Key Risk Assessments (KRAs) for completeness, with appropriate challenge.
• Partner with the first line of defense to provide guidance on issue/action documentation, tracking, escalation, and remediation of Operational Risk issues.
• Investigate any matter affecting the business risk profile, which poses undue risk.
• Oversee deep dive and lessons learnt exercises for material risks, including the review, challenge, and tracking/escalation of findings. Review major remediation plans for adequacy, completeness, and progress.
• Oversee monthly loss event reconciliations and related attestations to ensure that all risk events and losses have been captured on the Operational Risk system.
• Ensure full and accurate reporting of risk events by the Business. Conduct post incident reviews and analyse root causes and ensure learning points are identified and any necessary remedial action is implemented with a view to improving processes and reducing operational losses.
• Escalate any unresolved concerns directly to CRO and the Centre Head of OR.
• In the event of a significant control failure or limit breach, ensure appropriate escalation, through the CRO and Centre Head of OR.
• Ensure that Operational Risk Management systems and tools are used, and that data is accurate, of good quality and current.

Operational Risk Reporting

• Report to business executives and Risk Committees on the risk profile and adherence to appetite.
• Validate data and information in relevant reports provided by first line of defense, as appropriate.
• Provide independent challenge on, and insight from relevant reports to senior management.
• Prepare appropriate current and forecast Operational Risk profile reporting as required by Country and AGL management / governance.

Accountability: Behavioral Competencies

• Personal accountability
• Independent in practice and in thought
• Engaged with a visible level of presence
• Appropriate level of inquisitiveness
• Able to understand business model, strategy, process, products and systems, and influence change.
• Confident to responsibly challenge on data or facts
• Ability to manage conflicts
• Influential (Able to influence outcomes and strategy decisions at the highest level
• (CMC and Board)
• Crisp and clear communicator, verbally and in writing
• See the big picture, and can get into the detail where necessary
• Focused without adopting a silo mentality

Risk and Control Objective

• Ensure that all activities and duties are carried out in full compliance with regulatory requirements, Absa Operational Risk Framework and internal Absa Policies and Standards.
• Manage risk and control effectively by applying applicable risk frameworks and embedding a positive risk culture
• Understanding of own role in the end-to-end processes in which you play a part, including applicable risks and controls.
• Adhere to Absa’s policies and procedures applicable to own role, demonstrating sound judgment and responsible risk management.
• Report all risk events / incidents / issues using the defined process for your business area and help to understand why these happened and how to prevent them in future.
• Proactively look for ways to improve the control environment by considering what could go wrong in the processes you operate and how errors could be prevented.
• Continuous and proactive engagement with regulatory bodies, unions where applicable
• All mandatory training completed to deadline.

Role / Person Specification

Education and Experience Required

• Minimum B-degree in Risk Management, Economics, Accounting, Finance, Banking, or any equivalent qualifications
• 3 years Operational and Resilience Risk environment experience
• 3 years’ experience as an Operational Risk Officer / Manager or Business Risk Officer
• Knowledge & Skills: (Maximum of 6).
• Knowledge of banking legislation
• Knowledge of the risk environment, management  of both Operational Risk and Resilience Risk.
• Competencies: (Maximum of 8 competencies).
• Deciding and initiating action
• Relating and networking
• Persuading and influencing
• Presenting and communicating
• Applying expertise and technology
• Analyzing
• Adapting and responding to change
• Leadership

Mental & Environmental Demands

• Special work requirements:

Staying abreast with changes both internal and external environments

• Most complex decision that can be taken without referral to the manager:
• Decide on the most appropriate action to mitigate Operational Risk identified that needs immediate attention

Absa Purpose Behaviours & Values

 Absa’s Values and Behaviors represent the set of standards which governs the actions of all of us who work for the bank and against which the performance of every one of us in Absa are being assessed and rewarded:

• Trust
• Resourceful
• Stewardship
• Inclusive
• Courage 

Education

Bachelor`s Degrees and Advanced Diplomas: Business, Commerce and Management Studies (Required)

• Assess the level of compliance for the relevant risk frameworks and policies.
• Manage / facilitate the Country Operational & Conduct Risk Committee and Combined Assurance Forum, in conjunction with the Country CRO.
• Remain abreast of the Operational Risk framework, policies, standards, procedures, and relevant legislation/regulations.
• Provide assurance that the Operational Risk Framework and Standards are implemented through Conformance Reviews where required and as directed by the Combined Assurance Forum.
• Maintain and promote network of Lessons Learned (including Root Cause Analysis) sharing across businesses and geographies. Educate business and facilitate appropriate proactive remediation of identified vulnerabilities.
• Make Risk decisions within mandates delegated by the CRO and escalate risk decisions outside of discretion to the CRO. (Any individual or function which acts to restrict these powers must be escalated to the CRO.)
• Perform independent review and challenge of business /function performance and risk profile.
• Assess, challenge, and monitor the current and forward-looking Operational Risk exposure (financial and non-financial) i.e. considering all framework elements, strategic planning, business expansions/contractions and other major change programmes, including New and Amended Product Approval (NAPA).
• Support the scoping and definition of related Operational Risk deliverables and plans, ensuring that these are aligned to the central Operational Risk calendar.
• Assess the relevance and performance of the Operational Risk indicators and thresholds.
• Review the Key Risk Assessments (KRAs) for completeness, with appropriate challenge.
• Partner with the first line of defense to provide guidance on issue/action documentation, tracking, escalation, and remediation of Operational Risk issues.
• Investigate any matter affecting the business risk profile, which poses undue risk.
• Oversee deep dive and lessons learnt exercises for material risks, including the review, challenge, and tracking/escalation of findings. Review major remediation plans for adequacy, completeness, and progress.
• Oversee monthly loss event reconciliations and related attestations to ensure that all risk events and losses have been captured on the Operational Risk system.
• Ensure full and accurate reporting of risk events by the Business. Conduct post incident reviews and analyse root causes and ensure learning points are identified and any necessary remedial action is implemented with a view to improving processes and reducing operational losses.
• Escalate any unresolved concerns directly to CRO and the Centre Head of OR.
• In the event of a significant control failure or limit breach, ensure appropriate escalation, through the CRO and Centre Head of OR.
• Ensure that Operational Risk Management systems and tools are used, and that data is accurate, of good quality and current.
• Report to business executives and Risk Committees on the risk profile and adherence to appetite.
• Validate data and information in relevant reports provided by first line of defense, as appropriate.
• Provide independent challenge on, and insight from relevant reports to senior management.
• Prepare appropriate current and forecast Operational Risk profile reporting as required by Country and AGL management / governance.
• Personal accountability
• Independent in practice and in thought
• Engaged with a visible level of presence
• Appropriate level of inquisitiveness
• Able to understand business model, strategy, process, products and systems, and influence change.
• Confident to responsibly challenge on data or facts
• Ability to manage conflicts
• Influential (Able to influence outcomes and strategy decisions at the highest level (CMC and Board)
• Crisp and clear communicator, verbally and in writing
• See the big picture, and can get into the detail where necessary
• Focused without adopting a silo mentality
• Ensure that all activities and duties are carried out in full compliance with regulatory requirements, Absa Operational Risk Framework and internal Absa Policies and Standards.
• Manage risk and control effectively by applying applicable risk frameworks and embedding a positive risk culture
• Understanding of own role in the end-to-end processes in which you play a part, including applicable risks and controls.
• Adhere to Absa’s policies and procedures applicable to own role, demonstrating sound judgment and responsible risk management.
• Report all risk events / incidents / issues using the defined process for your business area and help to understand why these happened and how to prevent them in future.
• Proactively look for ways to improve the control environment by considering what could go wrong in the processes you operate and how errors could be prevented.
• Continuous and proactive engagement with regulatory bodies, unions where applicable
• All mandatory training completed to deadline.
• Staying abreast with changes both internal and external environments
• Decide on the most appropriate action to mitigate Operational Risk identified that needs immediate attention
• Trust
• Resourceful
• Stewardship
• Inclusive
• Courage

• Knowledge of banking legislation
• Knowledge of the risk environment, management of both Operational Risk and Resilience Risk.
• Deciding and initiating action
• Relating and networking
• Persuading and influencing
• Presenting and communicating
• Applying expertise and technology
• Analyzing
• Adapting and responding to change
• Leadership

• Minimum B-degree in Risk Management, Economics, Accounting, Finance, Banking, or any equivalent qualifications
• 3 years Operational and Resilience Risk environment experience
• 3 years’ experience as an Operational Risk Officer / Manager or Business Risk Officer