The Role Responsibilities :
- Support the functional head in leading a team of ICS technical control testing SMEs (Subject Matter Experts) to plan and execute on key controls testing across the bank's critical IT systems.
- Lead the execution of a consistent, sustainable and re-performable control testing framework/methodology for the bank's critical IT systems.
- Provide thought leadership on ICS technical control design, assessment, testing processes and drive continuous -improvements in alignment with organization's risk frameworks.
- Work with the Application/Service/Control Owners of critical IT systems to identify emerging ICS risks and ensure they are appropriately addressed by relevant technical controls.
- Support the provision of MI (Management Information) to the respective risk forums across business and functions.
- Assess compliance with the Bank's risk frameworks, policies and industry standards (NIST).
- Support stakeholders in defining remediation actions to address identified control weaknesses and issues across critical IT systems, and associated processes.
- Track issue remediation, check and challenge delivery status and escalate delays.
- Identify opportunities for automation of controls testing.
- Maintain effective relationships with leaders and stakeholders.
- Support the continuous improvement of ICS control testing, risk and control processes, aligning to and avoiding duplication with other assurance functions.
- Lead through example and build the appropriate culture and values. Set appropriate tone and expectations, and work in collaboration with risk and control partners.
- Adopt an anticipatory approach to risk assessment through stakeholder engagement and monitoring of the external environment.
- Provide robust challenge and escalation to senior management to ensure activities achieve risk reduction.
- Provide timely and accurate risk & control information to support internal/external (e.g. regulatory) assessments.
The Role Requirements :
- Educational background in Computer Science, Economics, Law, Risk Management or other relevant areas.
- 8-15 years in IT/Cyber Audit and/or Cyber Risk Management or similar experience is essential.
- Professional qualifications such as CISA/CRISC/CISM/CISSP will be advantageous.
- Posess the right mix of leadership, cyber expert and risk & control skills.
- Be self motivating and kick starter capable of working with limited direction.
- Be capable to execute leadership, management and coaching over colleague(s).
Didn’t find the job appropriate? Report this Job