
Missions:
- Support the Risk Management and Supervision (RMS) team, which is in charge of assessing the risk profile and the effectiveness of the information security risk systems of the Group's Business and Service Units.
- Review IT risk self-assessments and follow up on the implementation of the agreed risk remediation plan.
- Proactively understand existing and upcoming regulations.
- Facilitate local compliance with information security policy as well as appropriate regulations and laws.
- Assist in the development of and changes to the ICT risk frameworks, contribute to a strong risk management culture, and be recognized for providing expert operational risk advice.
- Partner with senior stakeholders to proactively identify ICT risks and assess the adequacy of controls to manage such risks, including recommending enhanced or additional controls.
- Proactively identify and follow up on ICT anomalies and areas of concern.
- Independently review, challenge and support information security activities.
- Review the analyses conducted by the LOD1 (ORMs/CISO/BU-SU Program Managers etc.) on their information security risk profile and the related remediation actions.
- In response to material information security incidents, whether internal or external, conduct independent deep-dive reviews of the preliminary, interim, and final incident investigation reports and act as a challenge function to such reports.
- Support information security reporting and monitoring of metrics and Key Risk Indicators (KRIs) at the product line and divisional levels; continuously review the existing body of KRIs and related reporting.
- Consult with internal groups such as CISO, Infrastructure, Compliance, Legal, and other Operations teams on matters related to information risk controls, self-assessments, security incidents and infrastructure projects' security aspects.
- Participate in the validation of the information security standards and standards applied by the BUs/SUs and the requested exceptions.