Posted: 1 day ago
Work from Office
Full Time
RISK ORM ICT ISPL Governance & Oversight
Provide IT & Cyber risk management oversight and advisory to the business, technical and operations groups
Provide direction, support and oversight with respect to management of security and technology risks of core systems and applications
Drive effective implementation and communication of Operational Risk Management policies and guidelines, in particular RISK ORM ICT related.
Risk management environment
Identification & Assessment: Ensure that the identification and assessment of operational risks are effectively done across the organization by correlating input from Audit Findings, Internal Loss Data Collection & Analysis, External Data Collection & Analysis, Risk Control Self Assessments, Business Process Mapping, KPIs & KRIs, Scenario Analysis, Quantified Measurement & Comparative Analysis
Monitoring & Reporting: Implement a process to regularly monitor operational risk profiles and material exposure to losses and provide appropriate reporting mechanisms to the board, senior management and the business lines. Data capture and operational risk reporting should be continuously enhanced and provide a feedback loop to enhance risk management policies, procedures and practices.
Control & Mitigation: Improve the effectiveness of the Internal Controls program by reviewing the control environment, risk assessment process, control activities, information and communication and monitoring activities. Assess operational risk response strategies. Validate risk transfer options.
Risk Disclosure: Provide updates on regulatory and financial disclosure while complying with external and regulatory communications standards and disclosing the operational risk management framework of the bank in a manner that complies with the formal disclosure policy approved by the board of directors. Defines approach for determining what operational risk disclosures are made and the internal controls over the disclosure process. Implement a process to assess the appropriateness of the disclosure, including the verification and frequency.
Contributing Responsibilities
RISK ORM ICT Governance & Oversight
Contribute to the establishment of an IT & Cyber Risk Management program in the Bank and at ISPL within the three lines of defense model in alignment with the Group Risk Management Framework
Assist with establishing appropriate risk management governance committees, arrange agendas and chair meetings as appropriate
Assist with establishing and oversight of the Operational Risk Management infrastructure and ensure practices are consistent with regulatory expectations and industry sound practices
Risk management environment
Business Resiliency & Continuity: Oversee and drive the business resiliency and continuity plans to ensure the ability of the Bank and at ISPL to operate on an ongoing basis and limit the losses in the event of severe business disruption. Coordinate with the first and third lines of defense to test these plans to ensure coverage and adequacy.
Technical & Behavioral Competencies
Professional qualifications relevant to Information Security (such as CISA, CISM or CRISC).
Strong risk mindset with understanding of applicable regulatory requirements in financial services sector around Information Security Risks (Technology Risk, Business Continuity Risk, etc.)
Experience in managing Enterprise Risk and necessary Controls.
Experience in the infrastructure security space.
Strong experience in Third Party Risk assessment process.
Functional knowledge in below areas to cover endpoint, network devices, server and databases:
Security Architecture
Malware Protection
Identity & Access Management
Secure Configuration
Security Testing
Emerging Technology Security
Good understanding of information security technologies and knowledge around network devices, servers, Firewall, IDS, IPS, SIEM, DLP, Proxy, Web / Email Content Filtering and Anti-Virus & Malware protection.
Good understanding of vulnerability assessments and penetration testing and technologies associated with the capabilities.
Good understanding of incident response and management capability for cyber incidents.
Working knowledge of Regulatory requirements.
The successful candidate will have a proven track record in managing risk and technology in large/global organizations with robust knowledge of technology, risks and controls, IT and security architecture, operational resilience, and third party technology risk management. Prior ICT risk experience (IT, DR/BCM, Cyber security, Third Party, etc.) and exposure to Financial Services industry is a requirement. Experience with risk management tools and information systems is beneficial.
Skills Referential
Behavioural Skills:
Decision Making
Client focused
Ability to collaborate / Teamwork
Attention to detail / rigor
Transversal Skills:
Analytical Ability
Ability to manage a project
Ability to develop others & improve their skills
Experience in business process re-engineering, experience with functional and enterprise technical architecture, good understanding of large-scale technology infrastructure.
Understanding of emerging technologies e.g. IoT, Cloud, etc.
Understanding of ISO 2700X series of standards and guidelines
Significant experience in the field of Technology Risk Management, Operational Resilience, Cyber, Information Security and Crisis Management.
Strong Risk mindset with understanding of applicable Technology Risk and Resilience regulatory requirements
Proficiency in IT Service Management, Service Continuity domains
Experience within a regulated environment such as financial services industry
Conduct
Demonstrate proactivity, transparency and accountability for identifying and managing conduct risks
Consider the implications of actions on colleagues, partners and clients before making decisions and escalate issues to manager when unsure
Graduate or post-graduate qualification in ICT domains, risk management or control function
10 years or more experience or practical understanding in IT, IT Security or other ICT domains required.
Project management skills.
BNP Paribas