The Systems Risk & Control Officer is primarily responsible for the conduct and management of systems risk and control reviews for assigned business applications used by business groups to deliver new and enhanced products and services to clients, ensuring adherence to the Bank's information security and system control standards, compliance with regulatory requirements, and managing/mitigating risks emanating from system limitations, as applicable.
Responsibilities:
- Manages the review of UAT test plans and actual test results to ensure compliance with the business/user requirements and existing policies and standards of the Bank and that all noted defects/issues and related fixes are properly documented and monitored.
- Manages the review of all system access rights documents to ensure proper segregation of functions and that access privileges granted are limited to the functions needed for each user's role, following the need-to-know principle.
- Reviews Threats and Vulnerabilities Risk Assessments (TVRAs) and Risk Assessment documents for untested/failed test cases for business application systems to be implemented, to ensure that inherent and residual risks are properly managed and adequately mitigated.
- Reviews and monitors outstanding action items emanating from business application systems implementation and maintenance to ensure that all committed action items are resolved and promptly delivered.
- Provides recommendations and/or enhancements on the unit's processes and tools to continuously improve the quality of reviews and turn-around time.
Qualifications:
- Bachelor's Degree in a Business-related course or Information Technology
- Relevant work experience in banking, project management or information systems reviews and analysis
- Above-average oral communication skills
- Proficiency in written communication