Job Description

The IT Risk Manager guides the assessment of technology, information, and cybersecurity risks associated with technology and cybersecurity initiatives and operations, and provides recommendations for risk controls. He/she manages and coordinates the ongoing monitoring of initiatives and operations to ensure that sufficient risk-preparedness activities are conducted. He/she facilitates incident resolution. He/she will act as a technical risk expert to ensure regulatory compliance and risk coverage is in place.

• Sets governance procedures for documenting and updating technology and cybersecurity policies, standards, guidelines, and procedures

• Documents and implements procedures for technology and cybersecurity breach incidents and post-breach activities

• Facilitates Technology and Information Security staff’s operational implementation of technology and cybersecurity risk frameworks

• Recommends strategies to address risk areas based on assessments of business needs against security concerns and regulatory requirements

• Leads the conduct of risk and control assessments, system assessments, and stress testing to identify risk profiles

• Reviews organizational assessments and augments security controls with 3rd party and internal Technology and Information Security staff

• Analyses technology and information security risk metrics to address emerging risks

• Implements routine technology and information security risk monitoring activities

• Assesses risks in new technology / digital initiatives and function/business technology usage

• Provides strategic and technical recommendations following the identification of vulnerabilities within IT systems

• Review existing risk monitoring mechanisms to reflect changing trends, regulations, and industry best practices

• Enforce, incorporate, and comply with all necessary controls and related information security (EIS) policies, procedures, practices, training, reporting, personal due diligence and vigilance, within departmental/unit activities and operations.

Preferred Qualifications

• A tertiary-level qualification from an internationally/regionally recognized institution, preferably a degree in Finance, Business, Economics, Mathematics / Statistics

Years & Nature of Experience

• Recommended to have 5 to 8 years of experience in technology and risk management, preferably in the banking industry
• A successful track record of implementing IT risk assessment frameworks preferably, in a commercial and/or corporate banking environment
• Demonstrates strong ability to draw connections between business or operational actions and risk assessment results, derive and communicate insights and recommendations to a senior audience

Technical Competencies

• Business and IT Risk Assessment
• Cybersecurity
• Data Collection and Analysis
• Emerging Technologies
• Policy Implementation

Behavioral Competencies

• Problem Solving
• Communication