Your Key Responsibilities
- Collaborate with businesses and support them in conducting Risk & Control Assessments as per NFRM guidelines specifically focusing on Information Security (IS) / Information Technology (IT) risks
- Analyze contextual data and relevant data triggers and determine or update risk profile, inherent risk, control environment and residual risk ratings along with supporting rationale, liaising with Risk Types SMEs in their business
- Participate in 1LoD-led RCA meetings for business to drive the risk discussions, focusing on key or emerging risks that may impact the business
- Coordinate with businesses/2LoD and assist in 2LoD challenges
- Prepare RCA reports and obtain business sign-offs
- Document risk mitigation decisions, if required, with consideration of risk appetite
- Deliver high quality Global Governance decks and reporting trends to support senior management
Your Skills & Qualifications:
- CISA/CRISC or relevant security qualifications with experience of Risk & Controls and/or Internal Audit in banking industry covering Information Security (IS) / Information Technology (IT) risks
- Experience in SOX/ ISO27001 control framework
- Knowledge related to risk management (including conducting Risk & Control Assessments) and corporate banking products, processes and systems preferred, specifically focusing on Information Security (IS) / Information Technology (IT) risks
- Ability to assess impact of control environment on inherent risk along with documentation of qualitative assessment
- Strong quantitative and analytical skills required to critically evaluate information for key risk assessments
- Familiarity with DB organization a plus, but not mandatory
- Strong project management skills and a proactive team partner
- Influencing, negotiation skills and stakeholder management expertise
- Strong verbal and written communication skills
- Proficiency with automating tasks in Excel to improve efficiency a plus, but not mandatory.
