The IT Risk Officer will be primarily responsible for managing the IT risk and information security risks in the bank. This position will also be the designated Chief Information Security Officer for the bank.
Risk Assessment and Management
- Conduct comprehensive risk assessments of IT and information security systems
- Develop and implement risk mitigation strategies
- Monitor and report on information technology risk exposures, compliance with internal policies, and regulatory requirements
Policy and Framework Development
- Develop and maintain IT risk and information security policies and frameworks
- Ensure policies are aligned with industry best practices and regulatory standards
Incident Management
- Lead the response to IT and information security incidents
- Develop and maintain incident response plans and procedures
- Coordinate with internal and external stakeholders during and after incidents
Compliance and Auditing
- Oversee compliance with relevant laws, regulations, and standards
- Coordinate internal and external audits of IT and information security practices
- Implement corrective actions to address audit findings
Stakeholder Engagement
- Liaise with business units to integrate risk management practices
- Communicate risk-related issues to senior management and the board
- Collaborate with external stakeholders on risk-related matters
Training and Awareness
- Develop and deliver training programs on IT and information security risk
- Promote a culture of risk awareness and security within the organization
Strategic Planning
- Contribute to the strategic planning of IT and information security initiatives
- Provide expert advice on risk-related matters in strategic decision-making processes
