IT Risk Officer

IT Risk Management officer responsible to maintain the IT Risk Framework and its associated controls and reporting. Responsible to evaluate overall information technology risk, maintain an active view, and report on the actual, mitigated and residual risk in the Information Technology. Assess, investigate, and research activities and scenarios and provide expert advice that addresses the questions and concerns surrounding the project or investment.

The IT Risk Management officer will promote the control of the IT related risk management and information security activities undertaken. This would include participation in the creation of policies and the execution of process undertaken to ensure compliance with these policies. Supports the Head of Information Security Department to maintain and improve the IT related risk management.

Responsibilities

1. Identify, assess and evaluate risk to enable the execution of the enterprise risk management strategy.

2. Collect information and review documentation to ensure that risk scenarios are identified and evaluated.

3. Establish the information security policy and standards for the Bank. Also Recommends required changes to IT risk & security policies and procedures.

4. Facilitate independent risk assessments and risk management process reviews to ensure they are performed efficiently and effectively. Prepares and/or coordinates Quarterly IT Risk Meeting.

5. Works closely with IT and development teams to design secure infrastructure solutions and applications, facilitating the implementation of protective and mitigating controls.

6. Assesses potential items of risk and opportunities of vulnerability in the network and on information technology infrastructure and applications.

7. Reviews risk assessments, analyzes the effectiveness of information security control activities, and reports on them with actionable recommendations.

8. Monitors risk mitigation and coordinates policy and controls to ensure that other IT Department are taking effective remediation steps.

9. Manages project documentation (risk assessmentcorrective action plans)

10. Coordinates, assesses and communicate requirements associated with impact, continuity, and recovery.

11. Participates in new activities with appropriate technology groups, resulting in timely, effective decisions regarding impact, continuity, and recovery.

12. Coordinates the development of disaster recovery test plans, testing, and documentation for each application. Engages application and systems management in disaster recovery testing, objectives and auditing.

13. Coordinates the development of information security disaster documentation for each application.

14. Monitors compliance with security policies, standards, guidelines and procedures. Ensures security compliance with legal and regulatory standards

Qualifications

Excellent verbal and written communication skills

3-5 years of experience in IT Risk

Knowledge in the banking industry

Accuracy in report making