About the job IT Risk Officer

Relevant Work Experience
At least 4 years of experience in at least two IT disciplines such as Applications Development, Project Management, Quality Assurance, Production Support and Service Management, or at least 5 years of experience in the business disciplines of Risk Management, Audit, Business Process Formulation/Operationalization and Governance, with sensitivity and commitment to solving business problems

At least 2 years of demonstrated competency in an IT Risk Management role involving a financial or technology company
Demonstrated experience as a team contributor in cross-functional teams across the organization, and ability to use soft skills successfully
Bank-specific training or experience in Retail/Corporate Banking, Loans and Mortgage, Consumer Financing, Wealth Management and Marketing desired

Job Purpose

Manages and implements the IT risk management program, and identifies, evaluates and reports on IT risks in a manner that meets internal and external compliance requirements
Orchestrates the formulation of risk remediation plans to address identified risks, and proactively manages commitments to manage these risks
Acts as a liaison between regulators and auditors in the conduct and execution of reviews and audit engagements
Coordinates with the Bank's Risk Management Division to ensure proper alignment of IT processes with the Operational Risk Management processes

Job Responsibilities

Managing IT Operational, Service Delivery and Business Resiliency Risks

  • Produce reports to accurately depict the state of risks related to technology for the Risk Management Oversight Committee
  • Work closely with platform owners, business continuity management leadership and champions to develop and implement effective IT risk management practices related to disaster recovery
  • Ensure integration of cyber resiliency in all operational, service delivery and business resiliency procedures
  • Oversee the operationalization of technical and functional patching, and ensure adherence to policies, procedures and guidelines
  • Track the progress and resolution of Risk Incidents

Managing Project Delivery Risks

  • Conduct Quality Assurance checks on the end-to-end delivery of capability enablement, from intake through to closing, to ensure compliance with internal policies, procedures and guidelines
  • Conduct Quality Assurance on the conduct of Client Management and Program/Portfolio Management
  • Lead the conduct of application risk assessments

Managing Regulatory Compliance Risks

  • Determine and maintain an inventory of all regulatory, commercial and organizational technology compliance requirements
  • Work with Info Sec, legal and compliance representatives to identify all related IT compliance requirements (e.g., security, user access, privacy, data integrity, etc.) associated with the laws and regulations within all relevant jurisdictions
  • Identify the associated IT compliance control gaps and oversee the documentation, implementation and testing of the entire IT compliance control portfolio
  • Facilitate the consistent implementation of all technology compliance policies, procedures and guidelines
  • Perform necessary due diligence activities to determine third-party adherence with IT compliance requirements

Managing Vendor Risks

  • Coordinate with the IT Vendor Manager on the identification, classification and appraisal of vendor risks and their associated business impact
  • Understand and apply relevant regulatory and legal compliance requirements on all vendors
  • Request proof of required industry standard certification or report (e.g., ISO 27001, Service Organization Control Reports, PCI DSS, etc.)
  • Manage vendor risks as defined in vendor contracts and in accordance with existing risk management programs and policies, and ensure proper accounting in the Risk Registers

Managing Governance Risks

  • Coordinate audit-related tasks such as ensuring the readiness of IT managers and their organizations for audit testing and facilitating the timely resolution of any audit findings
  • Act as the single point of contact on all audit engagements, ensuring proper orchestration of activities related to field work, exit reviews and management responses
  • Provide recommendations on policy, procedure and guideline enhancements to address findings and remediate risks

Maintaining the Risk Registers

  • Create, disseminate and update documentation of the Bank's matrix of identified IT risks and controls
  • Communicate identified risk requirements and violations to IT stakeholders and responsible vendors while supporting the identification of recommendations towards appropriate remediation plans

Fulfilling Operational Risk Management

  • Conducting regular Control Testing (RCSA) to fulfill Bank requirements
  • Reporting Risk Incidents (RIR) within prescribed timelines, as required
  • Reporting and monitoring the unit's Key Risk Indicators (KRI) and Key Control Indicators (KCI)
  • Resolving Quality Assurance, Compliance and Audit observations to ensure adherence to Bank standards on Project delivery

Skills

  • Knowledge of banking processes (retail, consumer, corporate, wealth)
  • Knowledge of regulatory environment, processes and circulars
  • Knowledge of general Core Banking Systems
  • Knowledge of Operational and Technology Risk Management
  • Working knowledge of at least one project delivery methodology, such as PMBOK, PRINCE2, SCRUM
  • Business Process Modelling (BPM) methodology, such as Flowchart, Data Flow, Role activity and interaction, Gantt, PERT, Functional Flow, UML
  • Effective communication and influencing
  • Problem solving and decision making
  • Negotiation and interpersonal relationship and consensus building
  • Leadership and motivation of others
  • Upwards management
  • Expectation setting and management
  • Business writing