IT Risk Officer

Context

As a member of the Non-Financial Risk Management team, you will primarily focus on Information Security risk management, with the ability to support Operational Risk Management team in its duties.

You are expected to ensure that the IT Risk Policies are adequately applied within the organization, in line with the Bank’s risk appetite. You will contribute to the roll-out of the Information Security Monitoring Plan and appropriate reporting to the Management.

Votre Position

• In collaboration with the Chief Information Security Officer, roll out the Information Security Monitoring Plan: ensure that processes and controls are adequate by testing their design and effectiveness, identify potential weaknesses, develop action plans in collaboration with IT teams and follow up their implementation;
• Review existing processes and identify areas for improvement, look for continuous improvement relating to the Bank’s IT risk framework, in close coordination with IT Security team;
• Analyze IT incidents, challenge root causes analysis and action plan;
• Oversee the collection and maintenance of governance, compliance, and risk management metrics relating to Information Security (including risk policies, Key Risk Indicators follow-up, procedures);
• Participate to the implementation of relevant Key Risk Indicators, report adequately controls results and key observations to the Management through periodic reporting;
• Perform IT risk analyses in the frame of new initiatives/projects;
• Promote best practices within the organization, provide training to staff regarding information security;
• Ensure a regulatory watch, perform gap analyses on new regulations and contribute to regulatory reporting;
• Contribute to other Operational Risk Management team duties, including but not limited to: Risk & Control Self-Assessment Matrix yearly review, Design Effectiveness Testing and Operational Effectiveness Testing, Business Continuity Plan, operational incidents analysis.

Votre Profil

• Master’s degree in computer science or business or equivalent experience;
• Very good knowledge of local regulatory framework regarding Information Technology (EBA, CSSF);
• Significant technical, information security, or IT experience;
• Advanced knowledge of organization, technology controls, security and risk issues;
• Relevant certifications (such as CISA, CISM or CISSP) and/or expertise in IT security standards / compliance requirements are an asset;
• Ability to serve as an expert resource in technology controls and information security for project teams, business lines and management;
• Results/solution-oriented and strong analytical skills;
• French and English mandatory.