Non-Financial Risks Control Specialist (Technology)

Purpose

In this role you will be responsible for identifying, assessing and mitigating ICT-related operational risks, through the enforcement of the Organization’s Risk Management Framework, thus contributing to the effective security and resilience of the Bank’s Information and Communication Technology (ICT) systems. This position requires a thorough understanding of ICT systems, IT related controls, operational risk management and regulatory compliance within the financial industry from an IT perspective.

What you will be doing

• Conduct comprehensive assessments of operational risks associated with ICT systems, including hardware, software, networks, clouds and data centers.
• Stay up-to-date with relevant regulatory requirements and industry best practices related to ICT risk management, and ensure the bank's ICT Framework is compliant.
• Contribute to the development and enhancement of ICT risk policies, procedures, and guidelines to align with evolving industry trends and regulations.
• Facilitate, monitor and challenge the outcome of the annual performance of their RCSA exercise, ensuring that risks and controls are identified and assessed effectively and that appropriate corrective actions are introduced where needed.
• Support in the definition, introduction and update of KRIs to ensure early identification and monitoring of emerging risks.
• Support the 1st LoD in capturing, analyzing, and reporting operational risk events, ensuring lessons learned are integrated into controls.
• Design and execute control testing programs to assess the effectiveness of key risk controls in the areas of responsibility.
• Monitor developments related to the non-financial risk events of the Business Area of responsibility and update RSA Archer Platform accordingly.

What you need to have:

• A Bachelor's degree in Information Technology, Computer Science, Finance or a related field.
• A Master's degree or relevant certifications (e.g., CRISC, CISM, CISA, CISSP) is a plus.
• Minimum of 2 years of experience in ICT risk management within the banking, financial, or consulting industry, with a proven track record of assessing, mitigating, auditing ICT related operational risks.
• Extensive knowledge of ICT infrastructure, systems, and emerging technologies.
• Strong understanding of regulatory requirements related to ICT risk management (e.g., Basel III, GDPR, FFIEC, DORA).
• Excellent communication and presentation skills to convey complex technical concepts to non-technical stakeholders.
• Fluency in English, both written and oral.
• Strong analytical and problem-solving skills.
• Ability to work independently and collaboratively within a team.