APPLY NOW!
Job title: Technology Risk & IT Change Manager
Company: ICONMA
Job description: Job Description
Technology Risk & IT Change Manager
Location: Buffalo, NY/ Arlington Heights, IL/ Remote
Duration: 12 months
Description:
- US Operational and Resilience Risk (ORR) is a sub-function of Group Risk. Its purpose is to ensure client understands, and is in control of, its non-financial risk position. In addition, the function provides resilience risk stewardship to US businesses, functions and entities in which the US bank operates.
Technology Resilience is the risk of unmanaged disruption to any IT system within client, as a result of malicious acts (i.e. cyber-attacks), accidental actions or poor IT practice (i.e. change control) or IT system failure (i.e. a core network switch failing).
The Technology Risk and IT Change Manager will serve as a specialist as part of client’s second line of defense Operational and Resilience Risk team. The role holder will serve as primary point-of-contact from US Operational and Resilience Risk to client’s US IT risk and change management operations, providing engagement and credible challenge of technology risk governance and change controls for Information Technology and Cybersecurity Risk.
The key accountabilities of the US ORR Technology Risk and IT Change Manager role include:
– Risk Management Expert: Specialist in information technology risk, including cybersecurity principles, cloud strategies and IT operational processes, with focus on change control and risk management through IT governance.
– Risk Management Oversight: Ensure robust oversight and credible challenge with clear expectations set with IT and Cyber Security Control Owners. Works closely with the first line of defense (including USA CIO, CISO, CCO and their respective teams) to agree required outcomes and remediation priorities.
– IT Change Oversight: Support the guidance, oversight and challenge on key Information Technology and Cybersecurity Risk issues arising from IT change management. Monitor and challenge the effective of ongoing change management control monitoring plans (i.e. oversight of test plans, sample checks).
– Risk Appetite: Monitor US Resilience Risk Appetite and oversee first line of defense reporting to governance committees. Work with US ORR Business and Functions teams to ensure US businesses understand the impact of any Resilience Risk appetite breaches that require changes to controls, resources and business operations.
– Risk Policy: Provide subject matter expertise and credible challenge on US Resilience Risk policy dispensations and risk acceptances.
– Risk Position and Challenge Papers: Help prepare evidence-based papers pertaining to Information Technology and Cybersecurity Risk positions to US boards, Risk Management Meeting (RMMs), Control Environment Management Meeting (CEMMs), and related forums.
– Regulatory Awareness: Apply guidance on client’s adherence to Information Technology and Cybersecurity Risk-related legislation and regulations from government organizations, regulators, and industry organizations.
Principal Accountabilities:
Key activities and decision-making areas
Impact on the Business
– Provide credible challenge across all information, technology, and cybersecurity risks within USA both enabling business growth while maintaining related risks within appetite
– Responsible for the review of controls relating to information, technology, and cybersecurity risks
– Review of internal and external events for their focus area, to disseminate the insight and learnings applicable to key Products and Services across the business
– Oversee their focus area of 1LOD IT adoption of Standards, Processes and Procedures required to implement the Policy objectives
– Maintaining on-going visibility of their focus areas’ key initiatives and helping to prioritize RR oversight according to IT risk
– Provide risk opinion, guidance and credible challenge to their focus area on dispensation requests
– Provide credible challenge of scenario analysis activities for both capital adequacy and IT risk management purposes
– Provide credible challenge of their focus area in the RCA process and the use of the RR Risk and Control Library to ensure relevant information, technology, and cybersecurity risks and controls are included in the RCA
– Manage and maintain close oversight on all RR related incidents with a view to provide credible challenge that risk and impacts have been handled effectively
Customers / Stakeholders
– Influence and provide direction to the 1LOD and ORR Business & Functions team to ensure they fulfil own roles and responsibilities and manage information, technology, and cybersecurity risk according to the Group’s frameworks and within stated appetite
– Build and maintain relationships with external partners, regulators, industry bodies and others to keep up to date with developments
– Manage relationships with wider ORR team
Leadership & Teamwork
– Challenge and influence to ensure specialist advice and guidance is understood and followed
– Work in conjunction with ORR Business & Functions team and the wider RR Specialist team
– Support diversity and reflect the client brand and organizational values.
Operational Effectiveness & Control
– Partner with ORR Business & Functions team and 1LOD to identify, measure, mitigate, monitor and report information, technology, and cybersecurity risks
– Partner with ORR Business & Functions team regarding Implementation of country Internal Audit and ORR recommendations and directions for the improved use of the Risk Framework related to the specialist area.
Typical Targets and Measures
– Feedback from stakeholders on quality and timeliness of specialist advice and guidance
– Evidence of RR’s contribution to an improving US control environment
– Internal/External events reviewed and insight shared with 1LoD on time to a quality standard
– Evidence of challenge, intervention and escalation of significant IT risk issues
– Evidence of challenge, intervention and escalation of significant control issues
– Evidence of contribute to Risk Management Scenario Analysis
– Evidence of challenge of 1LOD risk assessment and respective remediation results in change / improvement
– Evidence of timely specialist guidance and support to generalists on the management of resilience risks
– Compliance with regulatory requirements
– Positive stakeholder feedback
– Evidence of specialist advice provided and incorporated
– Evidence of effective teamwork across the region and countries
– Positive 360-degree feedback.
– Evidence of risk identified, measured and reported on to the 1LoD
– Evidence of audit outcomes and alignment to risk framework related to the specialist area
Major Challenges:
– Operating with influence and gravitas across all Lines of Defences within Global Businesses/Functions and Legal Entities within USA, in relation to the management and oversight of information, technology, and cybersecurity risk
– Providing clear delineation between accountable activities under operational and resilience risk
– Maintaining a commercial understanding without compromising standards of internal control and organizational risk appetite in a growing and successful business.
Role Context:
Reporting to Head of Operational and Resilience Risk, Technology and Digital, USA, the role holder will maintain close working relationships with the wider ORR team, locally, regionally and globally.
Client serves the needs of retail, corporate and institutional clients delivering innovative and integrated financial solutions. The Risk function discharges oversight on the management and monitoring of financial and non-financial risk by the businesses and their support functions.
The importance of non-financial risk and control has increased in recent years and is now the most influential subject for senior management, boards, and regulators. An organization’s ability for effective identification, measurement and mitigation of non-financial risk will have a significant impact on the achievement of strategic objectives.
The role has influence over a wide group of stakeholders and employees across the organization.
Management of Risk
– Responsible for ensuring awareness of the ORR risk impact associated with the role and must act in a manner that takes account of ORR risk considerations.
Observation of Internal Controls (Compliance Policy / FIM requirements)
– You will adhere to and be able to demonstrate adherence to client internal control standards. This is achieved by adherence to all relevant procedures, keeping appropriate records and, where appropriate, by the timely implementation of internal and external audit points, including issues raised by external regulators.
Role Dimensions:
You will be required to
– Work closely with all components of the ORR Team.
– Build effective relationship internal and external to ORR
– Enhance control understanding across client’s Products and Services in USA
The responsibility for non-financial risk spans the USA. You may also be responsible for local entity management for other team members outside of your direct reports, according to client local entity management requirements.
Knowledge & Experience / Qualifications:
- Subject matter expertise in one or more resilience technology risk categories (i.e. IT risk management), including understanding of industry best practices, frameworks, and regulatory guidelines
- Understanding of risk management principles
- Ability to engage with first line of defense stakeholders
- Strong written communicator with demonstrated analytic skills
- 3-5 years’ experience in related risk management and/or technology role(s)
- Bachelor’s degree and/or professional certificate in related discipline
Key Capabilities
– Providing Expert Advice and Robust Challenge
– Delivering Risk Steward Policies
– Oversee, Review, and Challenge Risks and Controls
– Understanding and Applying Risk Management in Context.
As an equal opportunity employer, ICONMA prides itself on creating an employment environment that supports and encourages the abilities of all persons regardless of race, color, gender, age, sexual orientation, citizenship, or disability
Expected salary: $30.32 – 57.56 per hour
Location: Buffalo, NY
Job date: Fri, 18 Dec 2020 07:23:36 GMT
APPLY NOW!
[ad_2]
