Job Description
The IT Risk Manager guides the assessment of technology, information, and cybersecurity risks associated with technology and cybersecurity initiatives and operations, and provides recommendations for risk controls. He/she manages and coordinates the ongoing monitoring of initiatives and operations to ensure that sufficient risk-preparedness activities are conducted. He/she facilitates incident resolution. He/she acts as a technical risk expert to ensure that regulatory compliance and risk coverage are in place.
Responsibilities
- Sets governance procedures for documenting and updating technology and cybersecurity policies, standards, guidelines, and procedures
- Documents and implements procedures for technology and cybersecurity breach incidents and post-breach activities
- Facilitates Technology and Information Security staff's operational implementation of technology and cybersecurity risk frameworks
- Recommends strategies to address risk areas based on assessments of business needs against security concerns and regulatory requirements
- Leads the conduct of risk and control assessments, system assessments, and stress testing to identify risk profiles
- Reviews organizational assessments and augments security controls with 3rd party and internal Technology and Information Security staff
- Analyses technology and information security risk metrics to address emerging risks
- Implements routine technology and information security risk monitoring activities
- Assesses risks in new technology / digital initiatives and function/business technology usage
- Provides strategic and technical recommendations following the identification of vulnerabilities within IT systems
- Reviews existing risk monitoring mechanisms to reflect changing trends, regulations, and industry best practices
- Enforces, incorporates, and complies with all necessary controls and related information security (EIS) policies, procedures, practices, training, reporting, personal due diligence and vigilance, within departmental/unit activities and operations
Qualifications
Preferred Qualifications
- A tertiary-level qualification from an internationally/regionally recognized institution, preferably a degree in Finance, Business, Economics, Mathematics / Statistics
Years & Nature of Experience
- Recommended to have 5 to 8 years of experience in technology and risk management, preferably in the banking industry
- A successful track record of implementing IT risk assessment frameworks, preferably in a commercial and/or corporate banking environment
- Demonstrates strong ability to draw connections between business or operational actions and risk assessment results, derive and communicate insights and recommendations to a senior audience
Technical Competencies
- Business and IT Risk Assessment
- Cybersecurity
- Data Collection and Analysis
- Emerging Technologies
- Policy Implementation
Behavioral Competencies
- Problem Solving
- Communication