Technology Risk Manager

ICBC Standard Bank PLC
London, UK
12 Sep 2019
26 Sep 2019
Contract Type
Full Time
Division Summary
The Technology Risk team currently provides Technology Risk service to more than 100 different applications and a wide range of infrastructure operating systems and databases across London, NY and Asia and an information security service to the whole firm.
Job Purpose
This role is within the IT department of a Global Investment Bank. The Technology Risk Manager is part of the Technology Risk team encompassing Technology Risk and Information Security which acts as the First Line of Defence.
You will be responsible for providing oversight of the control environment across various CIO teams in the IT department. You will assess the technology risks across key applications, systems and processes and maintain an understanding of the key areas of risk. You will work in close partnership with other members of the Technology Risk team (Security Operations, Cyber Security, IT Risk and Logical Access Management) and with the CIO teams to identify appropriate remediation actions to bring any risks identified back to within our risk appetite, and then oversee the timely delivery of any remediation work agreed. You will be responsible for running the risk governance processes. You will also play an important part in collaborating with colleagues in Operational Risk and internal and external Audit.
Key Responsibilities
  • Support the risk governance processes covering the IT teams (control assessments, risk committees, risk acceptances, risk register, risk remediation action tracking)
  • Capture and manage risks raised by IT either in response to identified vulnerabilities, incidents or formal controls assessment processes
  • Work in collaboration with the IT teams to agree appropriate remediation actions to identified control weaknesses and oversee the timely completion of these actions and other actions identified in IS vulnerability scanning or pen testing activities
  • Perform application and system control reviews both as part of the change management processes and also as part of a periodic controls assessment program.
  • Produce monthly management reporting (MIS) in support of the various activities within the IT risk management governance framework
  • Support the Head of Technology Risk in developing the maturity of risk management activities across IT and provide thought leadership as required
  • Provide technology controls and risk advice to the IT teams and liaise with other controls experts across the organisation as appropriate (e.g. information security, business continuity)
  • Champion best practices for GCC (general computer controls), including change management, identity and access management, SDLC
  • Collaborate with colleagues in Operational Risk and internal and external Audit.

Preferred Qualifications and Experience
  • Professional Qualifications - CISA/RiskIT/CISM/CISSP/CSSLP (Desirable)
  • Extensive experience working in IT with a risk or controls focus or in an internal audit function specialising in IT
  • Thorough understanding of software development lifecycles (SDLC) and general computer controls (GCCs)
  • Excellent knowledge of technology risk and control taxonomies and the industry standard frameworks (COBIT, ISO27001, ISO/IEC 27034)
  • Excellent relationship management and collaboration skills and ability to provide appropriate challenge to IT colleagues on control design and operation and the tracking of any agreed remediation activities
  • Deep understanding of audit requirements and ability to provide accurate and timely information in response to requests
  • Understanding of regulation, policy and standards applicable to the technology control environment
  • Working knowledge of the Global Markets business

Personal attributes:
  • Demonstrable technical credibility
  • Proven influence at senior manager level
  • Results orientated
  • Excellent written and oral communication skills
  • Excellent facilitation, negotiation, challenge and conflict resolution skills
  • Analytical and problem solving skills
  • Demonstrable ability to plan, prioritise and manage multiple activities
  • Strong networking skills
  • Team player - approachable, ability to share and consult others

Locale London
