Head of IT Risk
Reputable Multinational Company
Career advancement opportunity
About Our Client
Our Client is a leading, highly recognised multinational and global brand.
Risk Identification, Assessment and Evaluation
- Identify, assess and evaluate risk to enable the execution of the enterprise risk management strategy.
- Collect information and review documentation to ensure that risk scenarios are identified and evaluated.
- Identify legal, regulatory and contractual requirements and organizational policies and standards related to information systems to determine their potential impact on the business objectives.
- Identify potential threats and vulnerabilities for business processes, associated data and supporting capabilities to assist in the evaluation of enterprise risk.
- Create and maintain a risk register to ensure that all identified risk factors are accounted for.
- Assemble risk scenarios to estimate the likelihood and impact of significant events to the organization.
- Analyze risk scenarios to determine their impact on business objectives.
- Develop and implement risk responses to ensure that risk factors and events are addressed in a cost-effective manner and in line with business objectives.
- Monitor risk and communicate information to the relevant stakeholders to ensure the continued effectiveness of the enterprise's risk management strategy.
Information Systems Control Design and Implementation
- Design and implement information systems controls in alignment with the organization's risk appetite and tolerance levels to support business objectives.
- Interview process owners to gain an understanding of the business process objectives.
- Analyze and document business process objectives and design to identify required information systems controls.
- Design information systems controls in consultation with process owners to ensure alignment with business needs and objectives.
- Facilitate the identification of resources (e.g. people, infrastructure, information, architecture) required to implement and operate information systems controls at an optimal level.
- Monitor the information systems control design and implementation process to ensure that it is implemented effectively and within time, budget and scope.
- Provide progress reports on the implementation of information systems controls to inform stakeholders.
- Test information systems controls to verify effectiveness and efficiency prior to implementation.
Information Systems Control Monitoring and Maintenance
- Monitor and maintain information systems controls to ensure they function effectively and efficiently.
- Plan, supervise and conduct testing to confirm continuous efficiency and effectiveness of information systems controls.
- Collect information and review documentation to identify information systems control deficiencies.
- Review information systems policies, standards and procedures to verify that they address the organization's internal and external requirements.
- Assess and recommend tools and techniques to automate information systems control verification processes.
- Evaluate the current state of information systems processes using a maturity model to identify the gaps between current and targeted process maturity.
- Determine the approach to correct information systems control deficiencies and maturity gaps to ensure that deficiencies are appropriately considered.
IT Policies/Governance and Compliance
- Coordinate the development and ongoing maintenance of other IT policies and procedures.
- Ensure that all IT policies and procedures are compliant with regulatory requirements.
- Maintain a schedule of policy review and submission to the board for approval.
Disaster Recovery Coordination
- Maintain the IT Disaster Recovery Plan including annual reviews.
- Oversee the regular testing of the plan and update for major changes in hardware, applications, business and regulatory requirements accordingly.
- Coordinate testing and reporting of data backup restorations in accordance with Key Performance Indicators (KPIs).
Audits and Reviews Preparation and Facilitation
- Serve as liaison to auditors, consultants, and the bank's Compliance Committee regarding documentation and review of information compliance.
- Communicate audit and review results to appropriate parties; ensure that issues are addressed and corrective actions are implemented.
The Successful Applicant
- Certification in Information Security (CISSP) is a MUST.
- Other certifications are an added advantage.
- Must be fluent in ENGLISH, both written and spoken.
- Excellent report-writing skills are required; must be able to summarize and communicate technical data to a non-technical audience.
- Audit experience is not a must but is an added advantage.
- Must be a Subject Matter Expert (SME).
- Bachelor's Degree in Computer Science, Auditing or equivalent.
- Experience in the financial/banking industry is preferred.
- 5 years auditing experience as a compliance manager, information risk specialist or IT auditor.
- 3 years of management experience in IT functions.
What's on Offer
A challenging sphere of activities in a committed team.