This role will support the day-to-day execution of oversight and monitoring of 1st LOD Operational Risk Management for systems and technology, cybersecurity, data management and operational resiliency risks. The role will be instrumental in supporting the build-out and transition of the second-line oversight and monitoring the transition into a new banking group.
The individual will be responsible for:
Being instrumental in helping with the build-out of the second-line oversight and monitoring of the first line's adherence to the Enterprise Risk Management and Operational Risk Management frameworks to drive and enhance risk management for the bank.
Provide technical 2nd-line oversight of information security and technology, ensuring risks are identified and reported as appropriate.
Work closely with the 1st line to improve and facilitate the effectiveness of technology and security risk management and resilience
Undertake risk-based reviews of key information security and technology processes and controls, where appropriate
Develop strong and effective working relationships across all 3 lines of defence, at Group and within the business to facilitate effective identification, management and remediation of information security and technology risk.
Provide oversight of Operational Resilience framework, tools and methodologies in line with regulatory requirements to enable the organization to achieve its strategic objectives
Provide oversight of key operational resilience deliverables including important business services, impact tolerances, resource mapping, vulnerability assessments and scenario testing
Produce risk management information and risk review assessment for UK Risk and Board Risk Committees, as appropriate.
Provide challenge to the business/project on the risks associated with the change activities and transition of risks to BAU
Perform adequate and effective challenges of the data migration activities by reviewing the relevant project artefacts which include but are not limited to approach, planning, extraction, transformation, loading, validation and testing of data to ensure continued availability and integrity of datasets. Ensure relevant risks are identified and tracked via programme governance
Identify material operational resilience risks arising from the migration/integration activities across cyber, IT infrastructure, operational controls, people, business continuity and third parties, proposing appropriate strategies to protect and recover from identified and emerging risks
Assess operational stability by analysing incident trends and root causes post migration
Knowledge:
In-depth knowledge of cyber security, information technology, fraud risk management, data risk management, identity and access management, physical security or operational resiliency processes and controls.
Competencies and Skills:
Team player who is comfortable working in a dynamic and fast-paced environment
Ability to work independently and directly with business units including all levels of management
Proven problem solver with the ability to provide in-depth analysis and recommendations on complex problems and manage risks
Strong interpersonal and partnership skills and the ability to positively influence outcomes, particularly in difficult situations
Willingness to continue learning and to research and interpret laws and regulations
Strong sense of accountability and work ethic
Effective project and time management skills
Experience in the FS industry in an Operational Risk, Technology Risk Management or Audit role with a focus on Technology, Cyber and Data
The candidate should have deep domain expertise including thorough knowledge of risk management for IT infrastructure, information security and cyber risk, data governance and privacy risks
Education and/or Experience:
BA/BSc degree preferred or several years of related experience
A few years of experience leading risk management activities in information technology, cybersecurity, data management or operational resilience, preferably within the financial services sector.
Experience in working with risk, security and audit frameworks (CRI, ISO27001/2, NIST 800-53, COBIT, COSO, FFIEC)