Technology Risk & Control Role - Big4

Technology Risk & Control Role

Job Purpose :

- This role is responsible for Information and Technology Risk management monitoring, reporting and performance. Role has a substantial impact on the Technology Stream and is normally geared towards risk mitigation and/or process improvement .

- Role requires an in-depth understanding of technology and systems infrastructure and a good understanding of information risk management principles and concepts.

- The candidate must be able to multitask, handle changing priorities and work independently in a fast changing environment. Scope will include metrics reporting, action tracking, project status reporting and responsibility for the delivery of short term initiatives.

- The candidate must be able to communicate and engage effectively with all levels of management across both technology and business areas, being able to articulate the risk posture, advise stakeholders of the mitigation requirements status as well as providing clear and concise updates on various key projects.

- Work with business & technology partners to investigate and resolve control incidents or violations that may arise.

- Experience in enterprise data governance and processes, risk governance, driving best IT practices and continuous improvement processes across diverse businesses. Understanding of changes in general technological landscape, technology impact and expectations from IT in global context desirable.

Knowledge, Skills and Experience :

- Experience in Information Technology / Systems/IT Risk management, audit or equivalent

- Ability to travel for 20-30% time

- Proficient technical skills, including: audit, business analysis, change management, IT Risk Management, operating systems and data sources knowledge, performance metrics and reporting, technical problem resolution, project management, and vendor management.

- Proficient working knowledge within the following risk domains/technologies:

- Database and application security

- System/Access Administration

- Network Architecture

- Database/Application/Network Layer Secure Protocols

- Vulnerability Management, Cyber Security, Information Security Compliance

- General Information Technology Controls

- Information Technology Application Controls

- Technology Regulatory Compliance

- Proficient risk assessment, interpretation, analytical and negotiation skills.

- IT Risk Management/Audit industry certification (such as CISSP, CISA, CRISC, etc.) required

- Masters degree preferred, Bachelors degree required or equivalent technical experience

- Working knowledge and implementation expertise in security standards like ISO 27001/2, ISO 22301, PCI DSS, SSAE16, NIST, security auditing, and risk management

- Knowledge of Technology Regulatory compliance requirements from HKMA, FCA, NYDFS, FRB, FFIEC, QCB, RBI, Central Bank of UAE, Central Bank of Egypt, Central Bank of Kuwait and Central Bank of Bahrain