Specialist: Technology & Cyber Risk at Absa Group Limited (Absa)

Job Summary

• To provide expert oversight, challenge, and advisory support in the identification, assessment, and management of Change, Technology, and Cyber risks across the Compliance Function.
• This role is critical in ensuring that risk exposures related to transformation initiatives, IT systems, and cybersecurity are effectively governed, aligned with risk appetite, and compliant with internal policies and standards.
• The Senior Specialist plays a key role in strengthening the control environment, driving risk-informed decision-making, and supporting strategic resilience through proactive risk insights and engagement with senior stakeholders.

Job Description

Key Responsibilities:

Risk Identification, Assessment & Advisory   

• Act as a first line risk champion for Technology, and Cyber risk domains, providing subject matter expertise on risk identification and mitigation.
• Advise technology teams on embedding risk considerations into technology implementations, and ongoing operations.
• Support risk assessments (e.g., RCSAs, Risk Assessments, IT Risk Reviews) to proactively identify control gaps and emerging risks.

Assurance Reviews & Control Testing

• Design and conduct first line assurance reviews to test the effectiveness of controls across key risk areas, including cybersecurity, data protection, system availability, and IT governance.
• Document findings, assess control design and operational effectiveness, and provide recommendations for control improvement.
• Track and monitor the implementation of remediation actions resulting from assurance reviews, audits, or incidents.

Risk Monitoring, Reporting & Insights

• Monitor key risk indicators (KRIs), operational events, and control metrics to detect risk trends and escalation needs.
• Support the creation of risk dashboards, status reports, and thematic reviews for senior management.
• Collaborate with second line teams to ensure alignment on risk reporting and escalation protocols.

​​​​​​​Incident & Issue Management  

• Participate in incident reviews and root cause analysis for significant technology or cyber-related incidents.
• Ensure lessons learnt are documented, shared, and embedded into processes to prevent recurrence.
• Track open issues, audit findings, and risk actions to ensure timely and sustainable closure.
• undefined

​​​​​​​Governance & Stakeholder Engagement  

• Support internal governance forums by preparing risk reports, updates and presenting risk themes relevant to Technology, Information and Cyber Security.
• Collaborate with key stakeholders including IT teams, cyber security, and risk partners to ensure ownership and accountability of risks.
• Contribute to regulatory and internal compliance readiness activities.

​​​​​​​Policy Implementation & Risk Culture  

• Promote the application of group-wide risk and control frameworks (e.g., ERMF) within the function.
• Support training, awareness, and culture-building initiatives to strengthen risk maturity and accountability across teams.

​​​​​​​Education and Experience Required:

• B-degree in Risk / Information Technology/ related discipline
• A minimum of 3 to 5 years’ experience in risk within banking/ financial services
• Strong understanding of risk management frameworks and controls, especially in relation to  management, cybersecurity, and IT operations.
• Hands-on experience conducting assurance or control testing in a complex operational environment.

​​​​​​​Competencies:

• Solid analytical and problem-solving ability
• Risk and control mindset with attention to detail
• Strong interpersonal and stakeholder engagement skills
• Ability to influence and advise across different levels of the organisation
• Effective report writing and presentation skills
• Working knowledge of risk tools and systems
• Proactive, organised, and results-oriented Experience in conducting RCAs, risk event reviews, and control testing

Education

• Bachelor`s Degrees and Advanced Diplomas: Business, Commerce and Management Studies (Required)

End Date: October 24, 2025