Third-Party Risk Management Specialist (SP8) - Risk Management

Listing reference: capbw_002063
Listing status: Online
Apply by: 29 November 2024
Position summary
Industry: Banking
Job category: Credit Analysis and Risk Management
Location: Windhoek
Contract: Permanent
EE position: No
Introduction
The Third-Party Risk Management Specialist is responsible for executing operational components of the Third-Party Risk Management (TPRM) lifecycle: initial risk assessment, due diligence, ongoing monitoring, and offboarding in collaboration with the various business units.
Job description

Key Deliverables

 

Vendor onboarding:

·         Determine whether arrangements and functions are duly classified as outsourced or insourced activities, and that the classification of these activities (such as core/material or non-material) was carried out by the Business Units.

·         Determine whether the provisions of cloud computing are applicable.

·         Provide compliance advisory services to Business Units on the onboarding process for new vendors to ensure that all materiality and risk assessments are carried out.

·         Ensure that the necessary due diligence on a prospective third-party service provider has been finalised before entering into an outsourcing agreement.

 

Risk Assessment:

·         Ensure that Business Units have conducted risk assessments for existing and potential vendors, evaluating their cybersecurity posture, data protection measures, and overall risk profile.

·         Ensure that Policies and Frameworks are continuously reviewed, updated and implemented.

·         Implement and enforce third-party risk management policies and procedures, ensuring alignment with industry standards and regulatory requirements.

·         Ensure that Business Units have prepared an appropriate business case.

 

Contractual Reviews:

·         Collaborate with legal and procurement teams to review vendor contracts, ensuring that security and compliance requirements are adequately addressed.

 

Continuous Monitoring:

·         Implement and maintain a continuous monitoring program to track the security and performance of third-party vendors over time.

·         Address the renewal process for outsourcing agreements and how the renewal will be conducted.

·         Ensure that the Business Units effectively manage and monitor outsourcing relationships.

 

Issue Resolution:

·         Work closely with business units to address identified security issues or gaps, providing guidance and support for remediation efforts.

 

Documentation and Reporting:

·         Maintain comprehensive records of third-party risk assessments and associated documentation for easy access by the regulator.

·         Generate regular reports on the status of third-party risk management activities for management and relevant stakeholders.

·         Prepare approval and/or notification requests to be submitted to the Bank of Namibia.

·         Facilitate the submission of annual returns to the Bank of Namibia.

·         Prepare submissions to the various Risk Committees.

 

Regulatory Compliance:

·         Stay abreast of changes in regulations and industry standards related to third-party risk management, ensuring ongoing compliance.

·         Continued proactive stakeholder engagement and involvement at a business, regulator and industry level.

 

Training and Awareness:

·         Provide training and awareness sessions to internal stakeholders on third-party risk management best practices.

 

Incident Response Coordination:

·         Collaborate with the incident response team to develop and implement plans that address security incidents involving third-party vendors.

 

General

Must be prepared and willing to carry out any other reasonable and lawful instruction or task delegated by a supervisor or manager, and ensure that it is carried out on time and correctly.

 

Competences

·                Sound knowledge of the bank’s products.

·                Sound knowledge of Acts and Regulations applicable to the banking industry.

·                Logical thinking/reasoning

·                Leadership and management skills

·                Self-starter and dedicated

·                Persuading and Influencing

Minimum requirements

·         Bachelor's degree in Business, Information Security, Risk Management, or a related field

·         Three (3) years' proven experience in third-party risk management, vendor management, or a related role

·         Knowledge of cybersecurity, data protection, and privacy principles will be an added advantage

·         Strong analytical and problem-solving skills

·         Excellent communication and interpersonal skills

·         Ability to work collaboratively across departments and with external vendors

·         Relevant certifications (e.g., CTPRP, CRISC, CISSP, CISA, CISM) will be an added advantage
