Description
Job Purpose:
To facilitate, monitor and oversee the management of Cyber & IT Risks (risks related to IT, Cyber/Information Security and Business Continuity) across ABC Group and to support the first line of defense (IT, Cyber/Information Security and Business Continuity) in their respective Risk domains.
Principal Accountabilities and Deliverables of Role:
• Oversight/Monitoring of the implementation (progress) of policies and frameworks for IT, Information/Cyber Security and Business Continuity by the first line in Bank ABC
• Supporting Cyber & IT risk management processes in the first line (IT, Information/Cyber Security and Business Continuity) and in the second line (Risk Management department);
• Providing input from a Cyber & IT Risk perspective to proposals that are put forward to the New Products Committee
• Monitor the effectiveness of the controls implemented through the policies and frameworks for IT, Information/Cyber Security and Business Continuity in the units via Key Risk Indicators.
• Analysis of risk data and translating it into action plans;
• Reporting of risks and status of risk management;
• Raising awareness and promoting best practices for the management and oversight of Cyber & IT Risk
• Assist in review of Key Performance Indicators for IT, Cyber Security and Business Continuity
• Advise on Cyber & IT Risk matters (experts and non-experts)
• Analysis of the Cyber & IT Risks in proposals and advice on mitigating actions to remain within the risk appetite of the Bank
• Develop, improve and monitor Key Risk indicators
• Raise Issues and Action Plans and analyze Incidents
• Propose and perform Control Assurance when appropriate
• Produce easy-to-read reports with clearly defined thresholds
• Draft slides presenting the outcome of KRIs and analysis
• Provide trainings / Share incident analysis
• Provide a Cyber & IT Risk watch especially on emerging technologies
Job Context (Circumstances & environment surrounding the job):
Cyber & IT risks are considered among the top 3 risks for financial institutions (Cyber risk being a systemic risk). Regulators are increasingly stringent with regard to these risks, which may lead either to fraud or to a disruption of the financial ecosystem.
Against this backdrop, Bank ABC has decided to further strengthen its 2nd line of defence Cyber, IT & Fraud Risk management function, manned by specialists.
The position of Cyber & IT Risk Manager is a new position.
Job Requirements:
Knowledge
• Extensive knowledge of IT Risk, IT Audit, IT Security (incl. Cyber) and/or Business Continuity
• Practical working experience with IT risk & control frameworks;
• Broad knowledge of operational risk disciplines, IT Risk, Information Security, Business Continuity and Disaster Recovery;
• Relevant knowledge of industry process, control and risk frameworks, e.g. CMMI, ITIL, COBIT, ISO 2700x, NIST, ISO 22300, CIS20;
• Strong practical experience with IT Risk Assessment frameworks, tools and methodologies as applied to business processes, business applications, technology infrastructure and third parties
• Practical knowledge of Operational Risk tooling e.g. Governance, Risk and Compliance applications (including reporting aspects)
Education / Certifications
• Master's degree from a reputable university
• Formal academic credentials related to IT Risk (IT, Information (Cyber) Security, Risk Management, Business Continuity);
• Appropriate qualifications (CISM, CISA, CISSP, CRISC or equivalent).
Experience
• At least 5 years of relevant work experience
Personal Attributes
• Strong written & oral communication / presentational skills;
• Good time-management skills;
• Self-starter / proactive
• People management and relationship skills;
• Good PC skills (current applications).
Skills
- Information Technology
- Management
- Cyber
- Information Security
- Support
- Defense
- Progress
- Framework
- Security
- Risk Management
- Best Practices
- Cyber Security
- Financial
- Fraud
- Risk Manager
- IT Audit
- Disaster Recovery
- ITIL
- COBIT
- ISO
- Risk Assessment
- Applications
- Infrastructure
- Tooling
- Compliance
- Certified Information Security Manager
- CISA
- Certified Information Systems Security Professional
- People Management
- PC
- Banking Industry