JOB PURPOSE

To support the Bank’s digital risk function by identifying, assessing, mitigating, and monitoring risks in digital banking channels (e.g., internet, mobile, API integrations). This includes controls, threats evaluation and ensuring risk awareness in digital product lifecycles.

KEY RESPONSIBILITIES AND ACTIVITIES

Digital Risk Identification & Assessment

• Identify, assess, and document risks associated with digital banking platforms, mobile banking, APIs, fintech integrations, and automation initiatives.
• Conduct risk assessments for new digital products, system changes, and third-party digital partnerships prior to go-live.

Risk Controls & Mitigation

• Evaluate adequacy of controls addressing digital, cyber, fraud, data, and operational risks within digital channels.
• Work with Legal, IT, Cybersecurity, IT Risk, DPO, Operations, Project, Digital Financial Services, and Product teams to strengthen digital risks’ preventive and detective controls during pre and post implementation
• Support up-to-date Risk Control Self-Assessment (RCSA) with Functional teams to strengthen digital risks’ preventive and detective controls during pre and post implementation and identification and validation of the sample control tests.

Digital KRIs & Monitoring

• Develop and monitor Key Risk Indicators (KRIs) for digital risks (e.g., system availability, transaction failures, fraud attempts, authentication issues).
• Identify emerging digital risk trends and escalate breaches of thresholds.

Incident & Issue Management

• Support investigation of digital risk incidents, near misses, and system disruptions.
• Track remediation actions arising from digital risk events, audits, and inspections.

Governance & Reporting

• Prepare digital risk dashboards and reports for Management Risk Committee and Board Risk Committee.
• Provide input into ICAAP, Operational Risk Assessments, and enterprise-wide risk reporting relating to digital risks.

Risk Culture & Advisory

• Embed “risk-by-design” principles in digital product development.
• Provide ongoing risk advisory support to Digital Banking, IT, and Innovation teams.

PERFORMANCE OBJECTIVES

• Institutionalize digital risk assessment at product design stage.
• Reduce notable digital risk incidents year-on-year.
• Maintain robust digital controls commensurate with Bank’s risk appetite.

KNOWLEDGE, SKILLS & EXPERIENCE

Academic

• Bachelor’s degree in Information Systems, Computer Science, IT, Risk Management, Engineering, or Finance.
• Postgraduate qualification in Information Security, Risk Management, or Technology Management is an added advantage.

Professional

• One or more of the following (or working towards):
  • CISA (Certified Information Systems Auditor)
  • CRISC (Certified in Risk and Information Systems Control)
  • ISO 27001 Lead Implementer / Lead Auditor
  • ITIL (risk or service management modules)
  • Cybersecurity or digital risk training is desirable.

Desired Work Experience

• 4–6 years’ experience in technology risk, digital risk, IT audit, cybersecurity, or operational risk within a bank or regulated institution.
• Demonstrated exposure in:
  • Digital banking platforms (mobile, internet, APIs)
  • Technology risk assessments and KRIs
  • Cyber and fraud risk collaboration with IT and Security teams
• Experience supporting digital product launches or system implementations is a strong advantage.

Key Competencies:

• Strong understanding of digital banking risk landscapes.
• Ability to evaluate technology controls and system risks.
• Data-driven risk analysis and reporting skills.
• Cross-functional collaboration skills.

Behavioural Competencies

• Curiosity and continuous learning mindset.
• Ability to challenge technology teams constructively.
• Strong risk judgment in fast-changing environments.
• Clear communication with both technical and non-technical stakeholders.

• Identify, assess, and document risks associated with digital banking platforms, mobile banking, APIs, fintech integrations, and automation initiatives.
• Conduct risk assessments for new digital products, system changes, and third-party digital partnerships prior to go-live.
• Evaluate adequacy of controls addressing digital, cyber, fraud, data, and operational risks within digital channels.
• Work with Legal, IT, Cybersecurity, IT Risk, DPO, Operations, Project, Digital Financial Services, and Product teams to strengthen digital risks’ preventive and detective controls during pre and post implementation
• Support up-to-date Risk Control Self-Assessment (RCSA) with Functional teams to strengthen digital risks’ preventive and detective controls during pre and post implementation and identification and validation of the sample control tests.
• Develop and monitor Key Risk Indicators (KRIs) for digital risks (e.g., system availability, transaction failures, fraud attempts, authentication issues).
• Identify emerging digital risk trends and escalate breaches of thresholds.
• Support investigation of digital risk incidents, near misses, and system disruptions.
• Track remediation actions arising from digital risk events, audits, and inspections.
• Prepare digital risk dashboards and reports for Management Risk Committee and Board Risk Committee.
• Provide input into ICAAP, Operational Risk Assessments, and enterprise-wide risk reporting relating to digital risks.
• Embed “risk-by-design” principles in digital product development.
• Provide ongoing risk advisory support to Digital Banking, IT, and Innovation teams.

• Strong understanding of digital banking risk landscapes.
• Ability to evaluate technology controls and system risks.
• Data-driven risk analysis and reporting skills.
• Cross-functional collaboration skills.
• Curiosity and continuous learning mindset.
• Ability to challenge technology teams constructively.
• Strong risk judgment in fast-changing environments.
• Clear communication with both technical and non-technical stakeholders.

• Bachelor’s degree in Information Systems, Computer Science, IT, Risk Management, Engineering, or Finance.
• Postgraduate qualification in Information Security, Risk Management, or Technology Management is an added advantage.
• One or more of the following (or working towards): CISA (Certified Information Systems Auditor), CRISC (Certified in Risk and Information Systems Control), ISO 27001 Lead Implementer / Lead Auditor, ITIL (risk or service management modules)
• Cybersecurity or digital risk training is desirable.