Technology Risk Lead

Job Purpose:

• A Technology Risk professional within the 2LOD responsible for identifying, assessing, and recording risks to ensure technology risk owners develop remediation plans to keep the company resilient.
• Information Security lead for all Technology Change Committee Boards (CCBs) identifying solutions to technology challenges with compliance, security, and risk.
• Support the Group Information Security ‘Security Architecture Forum’ which brings leaders together across all regions to understand the system architecture for Critical systems within NI.
• Local subject Matter Expert on Threat Models developed for all critical systems and core infrastructure.

Job Accountabilities:

• Responsible for the conduct of Group-wide Technology Thematic reviews as part of the Risk Assurance plan for the company.
• Development of threat models for the key systems, innovations, and network topology changes delivered across the region.
• Review the architecture for new solutions to ensure the security, resilience, and compliance requirements for such systems are met.
• Technical lead for solution design teams to interact with for SODs and DOUs within Technology.
• Report to the Group Technology Risk Lead on the Change activity conducted at the regional level in support of the Technology Risk Working Group dashboards for change. Highlight anomalies or areas for improvement at such committees.
• Facilitate timely identification and rectification of risks by technology risk owners. Perform verification of closure of remedial action to minimize recurrence of risk issues.
• Perform reviews of operational risk assessment of projects, new or change initiatives, introduction of new products, services or systems identify potential risks, and provide risk mitigating control recommendations using a unified risk assessment standard across the Group.
• Escalate and record Items for Management Attention to the Group Technology Risk lead where appropriate.
• Follow up with named stakeholders for known risk issues, ensuring timely closure or escalation where risks cannot be closed.
• Conduct risk assessments/threat models to identify potential vulnerabilities and threats to the organization’s technology systems and data.
• Advise management on best practices for managing technology risks.
• Keeping abreast of changes in technology and regulations that may impact the organization’s risk profile.
• Participate in new initiatives (e.g., products, services, solutions, system launches, etc.) to identify risks arising out of changes and recommend suitable controls and identify, assess, control, and monitor risks related to operational nature in alignment with the “Adaptive Gate Model” for Projects.

Job Requirements:

• Bachelor's or master’s degree in Computer Science / Information Technology / Risk Management / Management Information Systems with a strong grasp of statistical tools and techniques.
• Minimum 5 - 7 years experience in Banking / Financial Services / Payments Industry / Risk Management / Information Technology / IT Security.
• Exposure to Banking Operations, Payments, Card Operations, Merchant Acquiring Operations, Information Technology, and IT Security with reasonable experience in process management, MIS, and data analysis.
• Good understanding of international standards e.g. International Organization for Standardization ‘ISO’ and Committee of Sponsoring Organizations of the Tredway Commission 'COSO’.
• Industry certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), and Certified in the Governance of Enterprise IT (CGEIT) are an added advantage.
• Should have strong communication, negotiation, presentation, and report-writing skills.
• Pro-active and self-starter who can work with limited supervision.
• Good understanding of Operational Risk Tools such as RCSA / KRI / Loss Data Management
• Strong interpersonal skills used within a team environment
• Strong communication, analytical skills, and strong organizational skills.
• Customer-focused, able to work under pressure, and have an easy-going attitude and self-motivation.