Job Description

Empowering Africa’s tomorrow, together…one story at a time.

To develop a functional risk and securities operating model and framework in a broadly defined business functional strategy; enabling horizontal alignment, implementation and adoption.

The successful candidate will be a senior member of the Converged Security Office (CSO) with accountability for First Line Cybersecurity Governance, Risk, Compliance Oversight and Executive Reporting for the Chief Security Office specifically pertaining to cybersecurity risks. The role is responsible for defining, embedding and overseeing Cyber Security risks ensuring alignment with Group policies, regulatory expectations and Board-approved risk appetite

The primary function of the role is to provide leadership and assurance that Absa operates within approved cybersecurity risk tolerances, maintains strong governance disciplines, and delivers accurate, timely and decision‑enabling cybersecurity risk reporting to Executive Management.

Additionally, the role provides oversight and challenge to in‑country, ARO and Group stakeholders, ensuring consistent governance practices and effective cybersecurity risk management outcomes.

The role is accountable for delivery across the following areas:

• Cybersecurity governance, risk and control oversight.

• Enterprise cybersecurity risk and compliance reporting to Executive, Board and Regulators as and when required.

• Cybersecurity first line risk insight and decision support.

• Culture, capability and maturity uplift across cybersecurity governance and reporting disciplines.

Cybersecurity Governance, Risk & Control Oversight

• Provide leadership and direction for Cybersecurity Governance, Risk and Control Management across Cyber Security first line risk.

• Define and maintain enterprise cybersecurity governance frameworks aligned to Group standards and regulatory requirements.

• Act as a senior custodian of first line cybersecurity risk governance, ensuring effective oversight, challenge and escalation of material risks.

• Provide independent, informed cybersecurity risk insight and advice to Executive Management and Board Committees.

• Ensure consistent cybersecurity governance practices across in‑country, ARO and Group operating models.

Executive Reporting & Management Information

• Own and oversee the design, quality and integrity of executive‑level cybersecurity reporting.

• Ensure delivery of accurate, timely and forward‑looking cybersecurity risk reporting to Executive Committees, Board Committees and Regulators as and when required.

• Translate complex cybersecurity risk, control and technical information into clear executive narratives and insights

• Ensure cybersecurity risk reporting supports decision‑making, risk appetite monitoring and strategic prioritisation.

• Oversee continuous improvement of reporting automation, dashboards and analytics.

Cybersecurity First line Risk Assessment & Assurance

• Oversee enterprise‑wide risk assessments across Cyber Security risk.

• Ensure cybersecurity key risk indicators (KRIs) and control metrics are defined, monitored and acted upon.

• Provide executive challenge on risk acceptance, remediation prioritisation and control effectiveness.

• Ensure alignment between risk assessments, audit outcomes and remediation plans.

Education, Culture & Capability

• Champion a strong cybersecurity governance, risk and accountability culture across Absa.

• Design executive and senior‑leader risk awareness initiatives.

• Build and develop high‑performing cybersecurity governance and reporting team.

• Drive capability uplift and maturity improvement across cybersecurity risk and reporting disciplines.

Mandatory Risk and Control Objective

Ensure all activities and accountabilities are executed in full compliance with:

• Regulatory requirements.

• Enterprise‑Wide Risk Management Framework.

• Group and Absa internal policies and standards.

Ensure effective identification, management and escalation of material risks and incidents relevant to cybersecurity risks.

Role / Person Specification

Preferred Education

• Post‑graduate qualification in Information Technology, Cybersecurity risk, Risk Management, Governance or related field.

• Professional certifications in Risk, Security or Governance (e.g. ISACA, ISO, or equivalent).

Preferred Experience

• Extensive leadership experience in Governance, Risk, Compliance or Technology Risk within a regulated financial institution.

• Demonstrated leadership of enterprise‑wide risk and reporting functions.

Knowledge & Skills

• Deep understanding of governance, risk and control frameworks.

• Strong regulatory and financial services risk knowledge.

• Exceptional executive communication and reporting capability.

• Ability to translate risk into strategic insight and action.

Behavioral Competencies

• Strong influencing capability.

• Strategic, analytical and outcome‑driven.

• High integrity, sound judgement and independence of thought.

• Ability to operate effectively in complex, high‑pressure environments.

Education

Bachelor`s Degrees and Advanced Diplomas: Business, Commerce and Management Studies (Required)

Absa Bank Limited is an equal opportunity, affirmative action employer. In compliance with the Employment Equity Act 55 of 1998, preference will be given to suitable candidates from designated groups whose appointments will contribute towards achievement of equitable demographic representation of our workforce profile and add to the diversity of the Bank.

Absa Bank Limited reserves the right not to make an appointment to the post as advertised