Cyber & IT risks are considered among the top 3 risks for financial institutions (Cyber risk being a systemic risk). Regulators are becoming more and more stringent with regard to these risks, which may lead either to fraud or to a disruption of the financial ecosystem. Against this backdrop, Bank ABC has decided to further strengthen its 2nd line of defence Cyber, IT & Fraud Risk management function, manned by specialists. The position of Cyber & IT Risk Manager is a new position.
Purpose of the role: to facilitate, monitor and oversee the management of Cyber & IT Risks (risks related to IT, Cyber/Information Security and Business Continuity) across ABC Group and to support the first line of defence (IT, Cyber/Information Security and Business Continuity) in their respective risk domains.
Principal Accountabilities and Deliverables of Role:
- Oversight/Monitoring of the implementation (progress) of policies and frameworks for IT, Information/Cyber Security and Business Continuity by the first line in Bank ABC
- Supporting Cyber & IT risk management processes in the first line (IT, Information/Cyber Security and Business Continuity) and in the second line (Risk Management department);
- Providing input from a Cyber & IT Risk perspective to proposals that are put forward to the New Products Committee
- Monitor the effectiveness of the controls implemented through the policies and frameworks for IT, Information/Cyber Security and Business Continuity in the units via Key Risk Indicators.
- Analysis of risk data and translating it into action plans;
- Reporting of risks and status of risk management;
- Preparation of the Group Operational Resilience Committee.
- Raising awareness and promoting best practices for the management of Cyber & IT Risk
- Develop Key Performance Indicators for the implementation of IT, Information/Cyber Security and Business Continuity policies and frameworks to monitor implementation progress;
- Advise on Cyber & IT Risk matters (to experts and non-experts);
- Analyse the Cyber & IT Risks in proposals and advise on mitigating actions to remain within the risk appetite of the Bank;
- Develop, improve and monitor Key Risk indicators
- Raise Issues and Action Plans and analyze Incidents
- Propose and perform Control Assurance when appropriate
- Produce easy-to-read reports with clearly defined thresholds;
- Provide training / share incident analysis;
- Provide a Cyber & IT Risk watch, especially on emerging technologies;
- Attend and present at Group and Local Risk Committees when requested.
Knowledge and Experience:
- Extensive knowledge of IT Risk, IT Audit, IT Security (incl. Cyber) and/or Business Continuity;
- Practical working experience with IT risk & control frameworks;
- Broad knowledge of operational risk disciplines, IT Risk, Information Security, Business Continuity and Disaster Recovery;
- Relevant knowledge of industry process, control and risk frameworks, e.g. CMMi™, ITIL, COBIT, ISO 2700x, NIST, ISO 22300, CIS20;
- Strong practical experience with IT Risk Assessment frameworks, tools and methodologies as applied to business processes, business applications, technology infrastructure and third parties
- Practical knowledge of Operational Risk tooling e.g. Governance, Risk and Compliance applications (including reporting aspects)
Education / Certifications
- Master's degree from a reputable university;
- Formal academic credentials related to IT Risk (IT, Information (Cyber) Security, Risk Management, Business Continuity);
- Appropriate qualifications (CISM, CISA, CISSP, CRISC or equivalent).
- At least 5 years of relevant work experience
- Strong written & oral communication / presentational skills;
- Good time-management skills;
- Self-starter / pro-active;
- People management and relationship skills; and
- Good PC skills (current applications).