Director - Technology Risk & Controls Management

Title - Director Technology Risk and Controls Management - CTO

Reports -Global Head of Risk, Insights and Controls - CTO

Roles & Responsibilities:

The 1st line Tech Risk, Insights and controls function at Bank sits within the Chief Technology Office (CTO) for Bank Group. CTO has the largest footprint within the Technology, Data and Innovation division and is joined by other business-aligned CIO IT divisions.

The Tech Risk, Insights and Controls is a dynamic team, consistently in demand, for providing guidance and challenge to deliver change and maintain systems in a secure and resilient manner.

As part of the team, you will join the Bank's journey and contribute towards our strategic goal of cloud enabled solutions as well as activities that improve our operational resilience and risk reduction.

The Risk and Controls management role will drive the build out of CTO Control definition and assessments capability across IT Infrastructure, SDLC and Architecture domains, with a view towards supporting a proactive risk management function. This will therefore include technology risk specialists providing change risk advisory services for transformational change programs undertaken by or impacting CTO. The Head of Control Assessments and Change risk Advisory will establish and lead a global IT control assessments team and will report to the Global Head of Risks, Insights and Controls and work in close partnership with the other CTO heads.

Risk Management - Design, Control & Govern

- Design, manage and maintain the control strategy and framework with related governance across Technology platform and ensure it reflects the changing regulatory landscape and bank wide minimum control standard requirements

- Align internal Bank policies/procedures against industry recognized framework to strengthen the control framework and its implementation for both within the Bank and our 3rd party vendor relationships

- Develop, implement and monitor Key Risk Indicators and escalate breaches to risk appetite and recommend mitigating solutions to minimize the risk exposure

- Develop measures and review overall control design effectiveness and its applicability on a consistent basis and if needed, modify and or eliminate unwarranted controls

- Accountable for coordinating the overall control framework and coordination with Divisional Controls and Regulatory Office for their independent testing

- Be a catalyst and an enabler to the global leadership for achieving the objectives in line with changing regulatory and industry operating landscape

- Ensure management transparency by way of timely risk reporting and proactive engagement and representing controls team at different governing forums

Change risk advisory and Remediation

- Providing technology risk expertise related to strategic changes within the CTO Organization

- Proactively monitor risk landscape shift within the industry to identify transformation project opportunities to insulate Bank from any potential risk exposure e.g., Production design life cycle, application and infrastructure architecture and its resilience

- Ensuring seamless execution of Book of Work and necessary adherence to Risk and Governance Methodology to help deliver globally agreed objectives

- Accountable for the management and closure of audit findings as well as any Self-Identified Issues (SII) within the direct remit of responsibilitie

Stakeholder Management - Identify, Partner and Collaborate

- Work with relevant stakeholders to identify and assess controls gaps related to technology risk - measure and mitigate them in a timely manner

- Align with global Integrated Controls Framework (ICF) team within DCRO team ensuring successful and consistent implementation of the established control framework

- Partner with 2nd LoD, NFRM (Non-Financial Risk Management) to ensure alignment towards Group wide minimum control standards

- Collaborate closely and proactively with Group Audit team enabling CTO to manage the overall risk and audit lifecycle.

- Promote and support proactive IT risk culture at the Bank

People Responsibility - Identify, Develop, Retain Talent

- Lead a niche team within the assigned portfolio to deliver the risk and control mandate

- Set clear direction / objectives for the team in line with overall functional strategy ensuring fine balance of global and regional priorities

- Ensure best practices are leveraged across teams, performance is closely monitored and that issues are dealt with within the team or escalated to senior management

- Identify, develop and retain talent ensuring growth for team members and ensure succession planning is built for critical roles

- Establish an inclusive, open and speak up culture wherein team members are encouraged to express views and raise their concerns without fear

Experience / Requirements:

Desired experience:

- Overall experience in similar roles for 15+ years in a Technology company or in a Banking Technology division or IT audit

- Minimum 7 years of experience as Risk and Control Lead in designing and implementation of Technology risk framework in a global organization

- Good understanding of Industry best practices such as NIST, COBIT, ITIL and ISO 27001

- Deeper understanding of industry wide risk landscape and regulatory expectations

- Knowledge of Agile change delivery methodology, DevOps and Shift left concepts

- Cloud Computing Technology (GCP, AWS, Azure etc.) certifications or similar domains

- Other professional qualifications and certifications in Technology risk management

Leadership skills :

- Strong team player and should have people management experience

- Ability to lead at a global level in a cross-cultural and diverse operating environment

- Desire to learn about new and emerging technologies and continuous upskilling

- Result oriented and ability to deliver under tight timelines

- Ability to successfully resolve conflicts in a globally matrix driven organization