IT Risk and Compliance Senior Specialist

Purpose

As an IT Risk and Compliance Senior Specialist, you will join the IT Governance Business Unit and be responsible for ensuring that IT complies with all applicable regulatory requirements. The role plays a key part in coordinating first line of defense activities across all IT areas, supporting alignment with the guidelines and expectations of the Supervisory Authorities.

What you will be doing

• Coordinate first line of defense activities across all IT areas, ensuring alignment with the guidelines and expectations of the Supervisory Authorities.
• Collaborate with the Bank’s second and third lines of defense, participating in IT Risk Assessment activities to identify, assess, and manage ICT risks, and to develop, maintain, and monitor appropriate controls within the IT Governance Framework, including the definition and monitoring of KRIs.
• Apply IT Risk Management processes in line with regulatory requirements and industry best practices, identifying potential compliance risks and vulnerabilities, coordinating mitigation plans, and monitoring the implementation of related actions.
• Collect and analyze data for ICT risk self-assessments, produce and review IT regulatory reports (e.g. ITRQ, BoG 2651), and prepare ICT risk reports and related material for Senior Management and relevant Committees.
• Support the Supervisory Review and Evaluation Process for ICT risks and contribute to supervisory dialogue with BoG, JTS, SSM, and ECB, while supporting the development and maintenance of a formal IT risk and control compliance program.
• Stay current on evolving regulatory requirements, identify IT regulatory compliance trends and practices, assess potential impacts, propose IT compliance roadmaps, and coordinate the involvement of IT units to ensure effective compliance.
• Act as the primary point of contact for internal and external IT auditors, coordinate assurance service engagements, monitor the remediation of ICT findings, and support the investigation and resolution of Operational Risk Events.
• Prepare detailed compliance reports, maintain comprehensive compliance and audit documentation, and organize IT Compliance Domain files, cases, issues, and reports, ensuring timely follow-up and accurate recordkeeping.

What you need to have

• A Bachelor’s degree in Information Technology, Computer Science, Statistics, or another relevant technical-oriented field.
• A Master’s degree in the above fields, or in Finance, Business Administration, or Management, will be considered a plus.
• Understanding of banking processes, IT systems, and IT service workflows, supporting IT governance activities.
• Knowledge of IT risk management procedures and protocols, including the development of IT risk control and response activities.
• Familiarity with financial services regulations and banking supervision, such as DORA, EBA Guidelines on ICT and security risk management, ICT risk assessment under the Supervisory Review and Evaluation, and relevant BoG Acts.
• Proven experience in IT regulatory compliance within the Banking / Financial Services sector.
• Ability to build effective relationships with stakeholders, external partners, auditors, and supervisory authorities.
• Strong organizational, presentation, and project management skills.