IT Risk Management Head

To act as the first line of defense through managing the Information Technology risks with different lines of business to identify enhancements in IT Risk Management in line with Enterprise Risk Management and risk appetite framework, in order to adequately capture, assess, prioritize, report, mitigate & manage IT risks based on international best practice. To report the top critical IT risks and highlight possible risks that are not currently captured and develop a framework to capture and govern all IT risks. To also develop and maintain IT Risk strategy, policy, procedures, process and manage IT Risk staff while embed and drive a risk culture & risk appetite in all IT functions.

key responsibilities:

• Participate in the development & Provide recommendations on policies in collaboration with Technology Risk Management team on IT policies, systems, procedures, processes related to capturing & managing different types of IT risks related to lines of business.
• Work proactively with Enterprise Risk Management, Information Security, Technology teams and business domains in the design and implementation of IT risk assessment practices.
• Manage Top Critical IT Risks and manage risks that are not currently captured and develop a framework to capture and govern all IT risks.
• Assess tools and processes that are used to continuously update the risks in order to ensure that all material IT risks are adequately captured and managed.
• Deploy Risk Appetite Indicators (RAIs) and Key Risks Indicators (KRIs) & review a consolidated list of RAIs / KRIs based on external best practices and regulatory expectations Direct and oversee processes to identify, assess, improve, and optimize risk practices within the IT environment.
• Review and manage IT Risk status report and monitor the implementation of remediation actions to provide recommendations for the IT risk measurement techniques (e.g. RCSAs) and processes.
• Force mindset and behavior changes in IT Risk Management at Bank level, – preparing a comprehensive communication, training and culture change initiative for people.
• Communicate & work directly with the business units and other internal IT stakeholder to facilitate IT risk analysis and risk management processes, identify acceptable levels of residual risk, and establish roles and responsibilities related to information classification and protection as per the published polices and respective Governance and Risk framework with various defense lines.
• Lead the IT Risk Management function, that is responsible for providing independent assessment and assurance of the effectiveness and efficiency of the IT control environment.
• Oversee the creation, dissemination and (as required) update documentation of CIB’s matrix of identified IT risks and controls.
• Direct IT functional teams in the development, implementation, monitoring, assessment, and reporting of control processes, documentation and risk mitigation activities.
• Work directly with the business units and other internal departments and organizations to facilitate IT risk analysis and risk management processes, identify acceptable levels of residual risk, and establish roles and responsibilities related to information classification and protection to ensure effective participation of IT Risk function in relevant committees such as IT Board Risk Committee.