About this role:
- Overseeing front line Technology risk management team adherence to the company’s Risk Management Framework
- Provide advice and guidance to the front line. Review and challenge the adequacy and efficiency of front-line controls
- Maintaining an independent view of the Company’s aggregate and material technology risk
- Identifying and providing appropriate operational risk coverage for the organizations in scope and their risk-taking activities
- Enabling timely, informed and efficient operational risk identification, escalation, reporting, and decision-making
- Demonstrate effective collaboration via knowledge sharing, cross risk reviews, joint business connects, and adopting a One-IRM mindset
- Conduct independent risk management reviews and identify control expectations with primary focus on technology and information security processes/applications.
- Perform gap analysis on policy requirements for risk types aligned to various operational and technology processes.
- Further strengthen and support an effective control review and challenge process to provide transparency, accountability and escalation of control effectiveness
- Review for consistency and thoroughness and suggest improvements for better resiliency.
- Provide leadership and guidance to impacted stakeholders around control framework requirements aligned to technology and information security control implementation.
- Active engagement in key front line governance routines inclusive of Risk & Control councils and business reviews
- Evaluate the adequacy and effectiveness of applicable policies, procedures, processes, systems and internal controls.
- Provide monitoring and independent oversight of the execution of technology, info security, and information management risk as they relate to policy and standards, including the independent oversight of the build out of a new front line process dedicated to the end-to-end risk management lifecycle.
- 15+ years of experience in risk assessment, independent risk management, control evaluation, risk reporting and issue management on various technology risks, inclusive of but not limited to, information security risk, third party risk, business resiliency and disaster recovery.
- Industry-recognized certification such as CISM / CISA / CRISC / CISSP.
- Working knowledge of the COBIT framework, with an emphasis on measuring control effectiveness and risk assessments, is good to have.
- Excellent verbal, written and interpersonal communication skills.
- Strong analytical skills with high attention to detail and accuracy.
- Ability to interact with all levels of an organization.
- Ability to present complex material in a digestible, consumable manner to all levels of management.
Other desirable skills and experience:
- Broad knowledge of operational risks including technology and information security risk and the issues faced by financial institutions today.
- Strong knowledge of enterprise risks, i.e., front office and middle office processes/controls, would be considered an added advantage.
- Proven experience with managing technology risk issues.
- Strong organization and detail-oriented skills, with proven ability to manage and prioritize work to meet deadlines despite frequent interruptions.
- Highly proactive, able to work both independently and within a collaborative team-oriented environment using sound judgment in decision-making.
- Demonstrated ability to work effectively with virtual and/or geographically dispersed teams