Participates in the establishment of the IT & Cyber Risk Assessment Program for the bank within the three lines of defense model in alignment with the Group Risk Management Framework.
Participates in the effective implementation and communication of Operational risk management policies and guidelines.
Participates in the oversight of the Operational risk management infrastructure and ensures practices are consistent with regulatory expectations and sound industry practices.
Provides IT & Cyber risk management consulting to the business, technical and operations groups.
Participates in appropriate risk management governance committees and arranges agendas as appropriate.
Participates in the oversight model of IT and Operations Transformation projects, including the review of major outsourcing partners.
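● Requirements:
8 to 15 years of information security experience;
A professional qualification relevant to information security;
Financial sector regulations;
A good understanding of large-scale technology infrastructure and information systems architecture;
Work experience in the financial services industry is required;
Experience with GRC tools and other risk management information systems is preferred;
Proficiency in English and French; Spanish is an advantage;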
● Requirements:
8 to 15 years of Information Security experience, specifically in risk assessment, third-party and technology assessments.
A professional qualification relevant to Information Security (such as a university degree, CISA, CISSP, CISM, CRISC, ITIL);
Knowledge of regulations applicable to the financial sector (e.g. Basel, ECB, AMF, FSA, FFIEC, SMA, HKMA, FED, CNI requirements, EBA…);
A good understanding of large-scale technology infrastructure and information systems architecture;
Excellent understanding of emerging technologies: cloud, IoT, etc.
Experience with GRC tools and other risk management information systems is preferred.
Bilingual: English and French; Spanish is an asset.