Non-Financial Risks Control Senior Specialist (Information & Communication Technology)

Purpose
 

As a Non-financial Risks Senior Specialist (Information & Communication Technology), you will play a critical role in ensuring the security and resilience of our Information and Communication Technology (ICT) systems. You will be responsible for identifying, assessing and mitigating risks related to ICT, thus contributing to the overall risk management framework of the Bank. This position requires a deep understanding of ICT systems, IT related controls, cyber risk, operational risk management and regulatory compliance within the financial industry from a cyber-risk perspective.

What you will be doing

• ICT Risk Assessments: Conduct and/or facilitate comprehensive assessments of operational risks associated with ICT systems, including hardware, software, networks, clouds and data centers.
• Risk Mitigation: Recommend, develop and implement risk mitigation strategies and controls to minimize the impact of ICT related operational risks on the Bank's operations.
• Incident Response: Collaborate with the incident response team to develop and enhance procedures for managing ICT related incidents, ensuring minimal disruption to bank operations.
• Regulatory Compliance: Stay up-to-date with relevant regulatory requirements and industry best practices related to ICT risk management, and ensure the bank's ICT Framework is compliant.
• Risk Reporting: Prepare and present regular reports on ICT operational risk assessments, incidents, and mitigation efforts to senior management and regulatory authorities, including the annual report on the ICT Risk Management Framework.
• Vendor Risk Management (ICT-third party Risk): Assess and monitor ICT third-party vendors and service providers to ensure they meet the bank's ICT risk standards.
• Policy and Procedure Development: Contribute to the development, review and enhancement of ICT risk policies, procedures, and guidelines to align with evolving industry trends and regulations.
• Training and Awareness: Provide training and awareness programs to bank staff on ICT risk management, ensuring a culture of risk awareness throughout the organization.
• Stakeholder Collaboration: Collaborate with cross-functional teams, including IT, Cybersecurity, Business Continuity, Internal Audit, to align ICT risk management efforts with broader risk management initiatives.

What you need to have

• A Bachelor's degree in Information Technology, Computer Science, Risk Management, or a related field. Master's degree or relevant certifications (e.g., CRISC, CISM, CISA, CISSP) is a plus.
• At least five (5) years of working experience in ICT risk management within the banking or financial industry, with a proven track record of assessing, mitigating, auditing ICT related operational risks.
• Deep knowledge of ICT infrastructure, systems, and emerging technologies.
• Strong understanding of regulatory requirements related to ICT risk management (e.g., Basel III, GDPR, FFIEC).
• Excellent communication and presentation skills to convey complex technical concepts to non-technical stakeholders.
• Strong analytical and problem-solving skills.
• Ability to work independently and collaboratively within a team.