Division Summary
The Technology Risk team currently provides Technology Risk service to more than 100 different applications and a wide range of infrastructure operating systems and databases across London, NY and Asia and an information security service to the whole firm.
Job Purpose
This role is within the IT department of a Global Investment Bank. The Technology Risk Manager is part of the Technology Risk team encompassing Technology Risk and Information Security which acts as the First Line of Defence.
You will be responsible for providing oversight of the control environment across various CIO teams in the IT department. You will assess the technology risks across key applications, systems and processes and maintain an understanding of the key areas of risk. You will work in close partnership with other members of the Technology Risk team (Security Operations, Cyber Security, IT Risk and Logical Access Management) and with the CIO teams to identify appropriate remediation actions to bring any risks identified back to within our risk appetite and then oversee the timely delivery of any remediation work agreed. You will be responsible for running the risk governance processes. You will also play an important part in collaborating with colleagues in Operational Risk and internal and external Audit.
Support the risk governance processes covering the IT teams (control assessments, risk committees, risk acceptances, risk register, risk remediation action tracking)
Conduct security analysis and risk assessments during project phases and manage the reports on residual risk.
Capture and manage risks raised by IT either in response to identified vulnerabilities, incidents or formal controls assessment processes
Work in collaboration with the IT teams to agree appropriate remediation actions to identified control weaknesses and oversee the timely completion of these actions and other actions identified in IS vulnerability scanning or pen testing activities
Perform application and system control reviews both as part of the change management processes and also as part of a periodic controls assessment program
Produce monthly management reporting (MIS) in support of the various activities within the IT risk management governance framework
Write impactful reports and present the reports on IT Risk assessments along with the remediation plans.
Produce and review IT Risk and Cyber Security metrics to assess trends and produce insightful analysis and practical action plans
Help drive IT Risk and Cyber Security initiatives in the bank such as SIEM tool improvements and implementing Network and End Point IPS
Support the Head of Technology Risk in developing the maturity of risk management activities across IT and provide thought leadership as required
Provide technology controls and risk advice to the IT teams and liaise with other controls experts across the organisation as appropriate (e.g. information security, business continuity)
Champion best practices for GCC (general computer controls), including change management, identity and access management, SDL
Collaborate with colleagues in Operational Risk and internal and external Audit.
Preferred Qualifications and Experience
Professional Qualifications - CISA/RiskIT/CISM/CISSP/CSSLP (Desirable)
Excellent knowledge of technology risk and control taxonomies and the industry standard frameworks (COBIT, ISO27001, ISO/IEC 27034)
Extensive experience working in IT with a risk or controls focus or in an internal audit function specialising in IT
Thorough understanding of software development lifecycles (SDLC) and general computer controls (GCCs)
Excellent relationship management and collaboration skills and ability to provide appropriate challenge to IT colleagues on control design and operation and the tracking of any agreed remediation activities
Deep understanding of audit requirements and ability to provide accurate and timely information to requests
Understanding of regulation, policy and standards applicable to the technology control environment
Working knowledge of the Global Markets business
Demonstrable technical credibility
Proven influence at senior manager level
Excellent written and oral communication skills
Excellent facilitation, negotiation, challenge and conflict resolution skills
Analytical and problem solving skills
Demonstrable ability to plan, prioritise and manage multiple activities
Strong networking skills
Team player - approachable, ability to share and consult others
Requirements: Locale London
Internal Number: 6707073
About ICBC Standard Bank Plc