Manager – Technology Risk and IT Change (Long Term Contract)

Our client is a top-tier International Investment and Commercial Bank. Technology Resilience is the risk of unmanaged disruption to any IT system within our client's environment, as a result of malicious acts (i.e. cyber-attacks), accidental actions or poor IT practice (i.e. change control) or IT system failure (i.e. a core network switch failing).

The Technology Risk and IT Change Manager will serve as a specialist within the client's second line of defense Operational and Resilience Risk team. The role holder will serve as the primary point of contact from US Operational and Resilience Risk to the client's US IT risk and change management operations, providing engagement and credible challenge of technology risk governance and change controls for Information Technology and Cybersecurity Risk.

Responsibilities:

  • Risk Management Expert: Specialist in information technology risk, including cybersecurity principles, cloud strategies and IT operational processes, with focus on change control and risk management through IT governance.
  • Risk Management Oversight: Ensure robust oversight and credible challenge with clear expectations set with IT and Cyber Security Control Owners. Works closely with the first line of defense (including USA CIO, CISO, CCO and their respective teams) to agree required outcomes and remediation priorities.
  • IT Change Oversight: Support the guidance, oversight and challenge on key Information Technology and Cybersecurity Risk issues arising from IT change management. Monitor and challenge the effectiveness of ongoing change management control monitoring plans (i.e. oversight of test plans, sample checks).
  • Risk Appetite: Monitor US Resilience Risk Appetite and oversee first line of defense reporting to governance committees. Work with US ORR Business and Functions teams to ensure US businesses understand the impact of any Resilience Risk appetite breaches that require changes to controls, resources and business operations.
  • Risk Policy: Provide subject matter expertise and credible challenge on US Resilience Risk policy dispensations and risk acceptances.
  • Risk Position and Challenge Papers: Help prepare evidence-based papers pertaining to Information Technology and Cybersecurity Risk positions to US boards, Risk Management Meeting (RMMs), Control Environment Management Meeting (CEMMs), and related forums.
  • Regulatory Awareness: Apply guidance on client's adherence to Information Technology and Cybersecurity Risk-related legislation and regulations from government organizations, regulators, and industry organizations.

Qualifications:

  • Subject matter expertise in one or more resilience technology risk categories (i.e. IT risk management), including understanding of industry best practices, frameworks, and regulatory guidelines
  • Understanding of risk management principles
  • Ability to engage with first line of defense stakeholders
  • Strong written communicator with demonstrated analytic skills
  • 3-5 years' experience in related risk management and/or technology role(s)
  • Bachelor’s degree and/or professional certificate in related discipline