This role is within the IT department of a Global Investment Bank. The Technology Risk Officer is part of the Control IT team encompassing Technology Risk and Information Security which acts as the First Line of Defence.
You will be responsible for providing oversight of the control environment across various CIO teams in the IT department. You will assess the technology risks across key applications, systems and processes and maintain an understanding of the key areas of risk. You will work in close partnership with other members of the Technology Risk and Information Security group and with the CIO teams to identify appropriate remediation actions to bring any risks identified back to within our risk appetite and then oversee the timely delivery of any remediation work agreed. You will be responsible for running the risk governance processes. You will also play an important part in collaborating with colleagues in Operational Risk and internal and external Audit.
The Technology Risk and Information Security team currently provides a technology risk service to over 100 different applications and a wide range of infrastructure operating systems and databases across London, NY and Asia and an information security service to the whole firm.
Key Responsibilities / Accountabilities
• Support the risk governance processes covering the IT teams (control assessments, risk committees, risk acceptances, risk register, risk remediation action tracking)
• Capture and manage risks raised by IT either in response to identified vulnerabilities, incidents or formal controls assessment processes
• Work in collaboration with the IT teams to agree appropriate remediation actions to identified control weaknesses and oversee the timely completion of these actions and other actions identified in IS vulnerability scanning or pen testing activities
• Perform application and system control reviews both as part of the change management processes and also as part of a periodic controls assessment program.
• Produce monthly management reporting (MIS) in support of the various activities within the IT risk management governance framework
• Support the Head of Technology Risk and Information Security in developing the maturity of risk management activities across IT and provide thought leadership as required
• Provide technology controls and risk advice to the IT teams and liaise with other controls experts across the organisation as appropriate (e.g. information security, business continuity)
• Champion best practices for GCC (general computer controls), including change management, identity and access management, and SDLC
• Collaborate with colleagues in Second Line of Defence and also with Internal Audit
Preferred Qualifications and Experience
• Professional Qualifications – CISA/RiskIT/CISM/CISSP/CSSLP (Desirable)
• Minimum of 5 years working in IT with a risk or controls focus or in an internal audit function specialising in IT
• Thorough understanding of software development lifecycles (SDLC) and general computer controls (GCCs)
• Excellent knowledge of technology risk and control taxonomies and the industry standard frameworks (ISO27001, ISO/IEC 27034, COSO, COBIT)
• Excellent relationship management and collaboration skills and ability to provide appropriate challenge to IT colleagues on control design and operation and the tracking of any agreed remediation activities
• Deep understanding of audit requirements and ability to provide accurate and timely information in response to requests
• Understanding of regulation, policy and standards applicable to the technology control environment
• Working knowledge of the Global Markets business
• Demonstrable technical credibility
• Proven influence at senior manager level
• Results orientated
• Excellent written and oral communication skills
• Excellent facilitation, negotiation, challenge and conflict resolution skills
• Analytical and problem-solving skills
• Demonstrable ability to plan, prioritise and manage multiple activities
• Strong networking skills
• Team player – approachable, ability to share and consult with others