Job Purpose
The IT Compliance & Risk Lead is responsible for the assessment of technology\ vendor risks and control effectiveness across the IT disciplines. The IT Risk lead will identify, classify, and document control issues in banks environment by documenting assessment results, recommending corrective action, tracking remediation, evaluating policy and control standard exceptions, and regularly report to IT management.
Key Accountabilities
• Supports the establishment of the IT risk management process and integration and maturing of the process across the IT disciplines and practices.
• Supports development of the technology risk framework, policies, standards, and risk taxonomy.
• Supports the implementation and adherence to the risk framework, in collaboration and conjunction with business-aligned risk partners.
• Evaluates and identify technology risk related to divisions and the enterprise, including emerging trends that may impact risk profile.
• Supports the self and control risk assessment (RCSA) for IT and engage with the IT stakeholders to define the controls in place, residual risk and treatment plans.
• Maintains a consolidated list of the technology risk at the enterprise level and ensure a continuous monitoring on the risks and corresponding mitigations plans.
• Implements risk assessments across the enterprise and build an overall profile of the technology risk.
• Provides credible challenge based on risk assessment results and ensure risk is being mitigated.
• Collaborates with division risk officers and subject matter experts to ensure policies and standards are practical, effective and efficient
- Qualifications Bachelor’s/master’s degree in computer science or related field.
- Professional Certifications COBIT, ITIL, CRISC, ISACA
Experience 6 – 8 Years
Skills
• Minimum 3-5 years of experience in IT risk and compliance role.
• Solid understanding of IT governance, information security policies, standards and industry best practices.
• Experience in technology and operational risks frameworks.
• Practical experience in scoping, conducting risk assessment, and documenting results.
• Detail oriented and able to meet tight deadlines.
• Excellent documentation skills and ability to communicate effectively across functional areas.
