The IT Risk Manager a.i. is responsible for owning, operating and monitoring my clients complex IT Control Framework and internal control system regarding IT Risk management and to manage all IT related risks.
Responsibilities
- Trusted advisor to management of corporate departments supporting them in their (IT) decision making and helping them reach their business and IT goals
- Sufficient level (and a holistic thinker) to interact independently with D&T staff
- Ability to quickly grasp complex situations
- Recognized for the business and IT risk expertise
- Performing risk assessment (based on an improved risk assessment methodology) to identify the most important risks and mitigations, including strategic IT projects; control monitoring, challenge and advice on closing issues, risk acceptances and waivers
- Expert in IT Risk and recognized as such internally and externally;
- Broad and deep IT Risk knowledge/experience
- Operational and holistic thinker
- Excellent consulting and communication skills
- Able to build and maintain networks
- Set IT policy and IT (technical) standards
- Have external focus.
Knowledge and skills
- Academic degree in IT Risk management (like RE or comparable IT audit master)
- Minimum of 8 years’ experience in IT Risk management or IT audit, preferably at a financial institution
- Experience with the implementation of DORA
- In depth knowledge of IT Risk management framework and how they can be used in a complex company
- Trusted advisor to management of corporate departments supporting them in their (IT) decision making and helping them reach their business and IT goals
- Therefore the manager needs:
- Excellent social and consulting skills
- Very good analytical and judgement skills
- Have an helicopter view
- Have high (organization) sensitivity
- Ability to innovate and eager to learn
Work environment
The IT Risk Manager a.i. will be part of the D&T team that operates globally. The Interim IT Risk manager will report to the manager IT Operations. The IT Risk Manager will closely work together with the Corporate Cyber Security Department and the regional Operational Risk and Compliance departments.
The main activities
The main activities of this role are:
- Performing risk assessment (based on an improved risk assessment methodology) to identify the most important risks and mitigations, including strategic IT projects
- Participating in Operational Due Diligence and RFP’s
- Reviewing IT corporate risk policies (e.g., Information Security Policy, BCM Standard, Crisis Management Standard) against regional and local regulations specific for the business;
- Owning and managing the IT General Controls for internal and external audits. And delivering or coordinating the delivery of the related evidence/documentation.
- IT risk reporting to Risk Committee
Interested?
Are you interested in this interim role? We look forward to receiving your cv. For more information about the role, you can contact Patricia Koekenbier @ patricia@himanagement.nl or 06-30400141