Senior ICT Risk Manager (m/f)
Your responsibilities
- To maintain and improve the ICT risk management framework and its associated components (e.g. Risk & Control Self Assessments)
- To design, implement and maintain the ICT risk management processes and scenarios in collaboration with ITD.
- To run the Risk Control Self-Assessment (RCSA) process on ICT risks.
- To challenge the self-risk assessment scoring defined by ITD on the ICT risk controls.
- To engage with the first line of defence (1LoD) to ensure policies and procedures adhere to the developed standards and guidelines.
- To prepare the internal and external reporting on ICT risks.
- To oversee the ICT incident management process, in synchronization with ITD.
- To maintain and review the current Business Continuity Plan to limit the ICT risks and their impacts.
- To develop and maintain the policies and procedures package dedicated to the ICT risk framework.
- To develop ICT risk awareness and an ICT risk management culture Bank-wide.
- To integrate the ICT risks in the overall risk control framework (risk appetite KRI/KPI, risk matrix, ICAAP, etc.).
- To work in close collaboration with the Cyber Security Officer and the Information Security Officer.
- To perform other tasks instructed by the Department Head and the Deputy Department Head of the Risk Management Department.
Your profile
Education and experience
- Master's degree in Information Technology or equivalent
- ICT / ICT Risk Management certifications are expected
- Proven experience (6-8 years) in IT Risk Management and Information Security
- Overall banking knowledge
- In-depth knowledge of ICT risk management processes
- Good knowledge of main ICT and Security processes including Patch & Vulnerability Management, Asset & Configuration Management, Incident & Problem Management, Change Management, IT third-party management, Logical Access Management, IT Continuity and Backup, etc.
- Good knowledge of ICT frameworks and Standards (e.g. COBIT, ISO 27001, ISO 22301, NIST CSF, etc.) and applicable ICT and Cyber regulations (e.g. EBA Guidelines, CSSF Circulars, etc.)
- One or several relevant certifications (e.g. ISO 27005, ISO 22301, ISO 27001, CISSP, CISM, ITIL, etc.).
Languages
- Fluent in English and French.