To facilitate, monitor and oversee the management of Cyber & IT Risks (risks related to IT, Cyber/Information Security and Business Continuity) across ABC Group and to support the first line of defense (IT, Cyber/Information Security and Business Continuity) in their respective risk domains.
Principal Accountabilities and Deliverables of Role:
Oversight/Monitoring of the implementation (progress) of policies and frameworks for IT, Information/Cyber Security and Business Continuity by the first line in Bank ABC
Supporting Cyber & IT risk management processes in the first line (IT, Information/Cyber Security and Business Continuity) and in the second line (Risk Management department);
Providing input from a Cyber & IT Risk perspective to proposals that are put forward to the New Products Committee
Monitor the effectiveness of the controls implemented through the policies and frameworks for IT, Information/Cyber Security and Business Continuity in the units via Key Risk Indicators.
Analysis of risk data and translating it into action plans;
Reporting of risks and status of risk management;
Preparation of the Group Operational Resilience Committee.
Raising awareness and promoting best practices for the management of Cyber & IT Risk
Develop Key Performance Indicators to monitor progress in the implementation of IT, Information/Cyber Security and Business Continuity policies and frameworks
Advise on Cyber & IT Risk matters (experts and non-experts)
Analysis of the Cyber & IT Risks in proposals and advice on mitigating actions to remain within the risk appetite of the Bank
Develop, improve and monitor Key Risk indicators
Raise Issues and Action Plans and analyze Incidents
Propose and perform Control Assurance when appropriate
Produce easy-to-read reports with clearly defined thresholds
Provide training / share incident analysis
Provide a Cyber & IT Risk watch especially on emerging technologies
Attend and present at Group and Local Risk Committees when requested.
Extensive knowledge of IT Risk, IT Audit, IT Security (incl. Cyber) and/or Business Continuity
Practical working experience with IT risk & control frameworks;
Broad knowledge of operational risk disciplines, IT Risk, Information Security, Business Continuity and Disaster Recovery;
Relevant knowledge of industry process, control and risk frameworks, e.g. CMMI, ITIL, COBIT, ISO 2700x, NIST, ISO 22300, CIS 20;
Strong practical experience with IT Risk Assessment frameworks, tools and methodologies as applied to business processes, business applications, technology infrastructure and third parties
Practical knowledge of Operational Risk tooling e.g. Governance, Risk and Compliance applications (including reporting aspects)
Education / Certifications
Master's degree from a reputable university
Formal academic credentials related to IT Risk (IT, Information (Cyber) Security, Risk Management, Business Continuity);
Appropriate qualifications (CISM, CISA, CISSP, CRISC or equivalent).
At least 5 years of relevant work experience
Strong written & oral communication / presentational skills;