IT Risk Manager
Responsibilities IT Risk Manager
As IT Risk Manager you will work on a wide variety of domains: cyber security, information security (digital) and IT resilience risk management topics, and you will provide expertise to the vendor/outsourcing, operations and product/services risk cycles. This includes improving the bank's overall Information Technology Risk Management cycle, ensuring that all relevant risks are consistently identified, assessed, monitored, reported and managed across the organization in compliance with both internal and external (regulatory) rules, policies and guidelines. IT Risk within the Bank is defined as the risk of losses related to destruction, disruption, malfunction or misuse of IT; unauthorized alteration or leakage of electronic data; threats to or vulnerabilities in IT security (including cybersecurity); or external factors (e.g. disasters).
This second line of defense function forms part of the Operational Risk Management which is responsible for:
- Identification, assessment, monitoring and reporting of risks;
- Support and advice in design and deployment of the overall risk management framework, including risk strategy, policies, appetite and tolerance;
- Risk monitoring, control and reporting;
- Challenge and escalation of risk and/or control issues to Management.
You will organize dispersed data to produce clear, concise and meaningful reports for internal and external stakeholders. You will liaise regularly with (senior) professionals across other (European and international) divisions, and also have a direct reporting line to the Director Operational Risk and strong alignment with Vice President IT Risk.
- Provide expert advice and guidance to the business units to ensure identification, measurement, assessment and consistent management of all IT risks;
- Maintain IT Risk Library (Events, Scenarios and Control objectives) which is being designed based on COBIT/FFIEC/SOX;
- Preparation of second-line-of-defence (2LoD) IT Risk reports comprising the Bank's risk profile, exposures and control performance;
- Implement and improve controls, review and challenge the design and effectiveness of controls using audit methodologies;
- Support, perform and/or facilitate KRI Monitoring, Risk Control Self Assessments, Business Impact Analysis, System Risk Assessments and Scenario-based Risk Assessments;
- Support IT audits and provide expertise, hands-on work and recommendations for risk mitigation and remediation;
- Escalation of (potential) risk events and regulatory breaches in accordance with the Bank’s risk governance framework;
- Documentation of relevant policies and procedures;
- Support and participate in required projects or initiatives in facilitating the identification and evaluation of risks and controls, providing expertise and recommending proportional cost effective and efficient solutions;
- Being critical and promoting changes to systems, processes and working practices in order to achieve operational improvement;
- Contribute to increased risk awareness in the organisation by providing appropriate training;
- Monitor adherence to the bank's framework of rules and policies as well as local laws and regulations, and ensure embedding of risk management principles and practices in the Bank's daily business operations;
- Cooperation with Compliance regarding country-specific legal and regulatory requirements relating to IT Risk Management;
- Pro-actively develop and maintain relationships with a wide range of key contacts in all areas of the organization.
You will be a member of the Operational Risk Management team, which in turn is part of the Risk Management Division (RMD) and organizationally reports to the Head of RMD, which in turn reports to the Chief Risk Officer (CRO).
Requirements IT Risk Manager
The IT Risk Manager we are looking for is foremost critical and analytical, an independent thinker and a great communicator. Next to that you have:
- Academic degree in Computer Engineering or other relevant field of study;
- At least 2 years of work experience in operational and/or IT risk management, IT security or IT audit roles;
- Practical experience and knowledge in COBIT, ITIL, FFIEC and SOX implementation and ability to perform IT risk assessments and review/monitor relevant controls;
- Preferably completed at least one of the CISSP, CRISC, CISM or CISA certificate programmes or engaged in the process;
- Analytical and problem-solving abilities, deep IT security knowledge and a high-level overall understanding of IT;
- Understanding of relevant EBA, ECB, DNB guidelines and regulation in EU;
- Ability to participate in projects across divisions;
- Advanced Excel (VBA);
- Fluent language skills in English;
- Sense of humor and ability to work in multicultural environment.