Job #: 788
Title: VP – IT Risk and Controls
The position requires frequent interaction with technology Risk Officers, Operational Risk Management, Internal and External Audit, Compliance, and Legal. The IT Risk and Control Team is global, and the role would require attending conference calls outside of regular business hours.
• Oversee and facilitate the implementation of the risk management strategy, policy and governance framework and ensure effective and efficient systems of internal control are implemented within technology.
• Lead and support IT business units (ITBUs) in identifying, evaluating, monitoring, controlling and reporting key operational risks.
• Identify and Communicate Emerging Risks: oversee risk reviews conducted through assessments or operational data reviews (such as incident and problem reviews) and ensure that emerging risks are identified and documented
• Oversee the Maintenance and Publication of the Regional Risk-Control Self-Assessment (RCSA): in coordination with the above item, ensure each department maintains and publishes its risk register with entries identified through their assessments and operational reviews; monitor remediation per the agreed plans
• Work with the ITBUs in developing and reporting KRIs, thresholds and remediating actions to senior management.
• Ensure all levels of staff within their areas of the business understand their risk management responsibilities.
• Support the Divisional Heads in monitoring compliance with the technology policies and the effectiveness of the systems of internal control within their areas of the business, and ensure any exceptions are appropriately reported and resolved.
• Establish a strong control culture in which control activities are an integral part of their business activities.
DR Planning and Testing Oversight:
• Draft the annual DR testing plan for the US, coordinating across all IT Departments to ensure the critical applications and underlying infrastructure meet the testing requirements.
• Present progress against the plan at regular technology review meetings.
• Excellent relationship management, communication and analytical skills.
• Operational Risk and/or IT Security related certification or equivalent combination of training and experience.
• A minimum of 8 years of general business experience, including leading teams on a matrix basis.
• A minimum of 5 years of investment banking experience.
• Experience in an environment performing risk management and/or overseeing IT security activities for a retail (individual investor) client base would be beneficial.
• Experience with implementing operational/enterprise risk management, internal controls, compliance, or internal audit programs in a financial services environment.
• Basic experience with IT infrastructure, allowing effective management of the IT Security team and overall engagement with IT Management.
• Experience with testing and assessing the effectiveness of internal controls.
• Experience in conducting training and awareness seminars to the Division, emphasizing and clarifying the roles and responsibilities of each department within operational risk management.
• Experience in challenging the risk posture, providing an additional level of assurance over its measurement.
• Fluent in English
• Strong Excel (Macro), Visio, PowerPoint
• CISA, CISM, CRISC, CISSP, or other IT governance, risk, or audit or security professional qualification.
• Certified COBIT practitioner (Desirable)
• ITIL v3 qualification (Desirable)