CISO team is tasked to ensure that the data and IT systems of the bank are appropriately protected whilst enabling technology advancements in line with business strategies. We play a pivotal role in fulfilling this mandate by providing IT risk advisory and technology risk assessment services of projects, applications, vendors and IT infrastructure to internal clients globally, helping them to understand IT risk exposure in their area.
We are looking for an exceptional candidate, whom wants to grow a successful career in Cyber Security and wants to be a part of the ambitious & highly focused team. If you are an IT geek interested in cyber security and looking for challenging career prospects, this may be an offer for you.
You will be a member for the CISO vendor risk management team - 3 people, whom will be supporting you in your daily work. With your team colleagues, you will co-coordinate the work of circa 12 assessors whom handle over 90% of the assessment scope. As the member of CISO vendor risk management team, you will be a part of a larger CISO Governance group - 9 people, whom will support you in your daily work providing advisory and guidelines whenever needed.
As an IT Risk Officer in the CISO Organization you will be responsible for Vendor IT Risk Management i.e.:
- Performing the IT Risk Assessments of bank external suppliers/vendors to ensure that they have sufficient IT controls in place to prevent data leakage, tampering or destruction.
- Ensuring that IT risk assessment methodology and processes are followed precisely, to the expected quality
- Reporting identified risks to the appropriate stakeholders
- Providing support to the required stakeholders in understanding and defining adequate mitigation actions to mitigate identified IT risks
- Providing advisory and risk opinion on risk identification and treatment
- Monitoring vendor assessment program progress and responding to the issues causing delays.
- Initiating risk assessments for the other risk assessment teams and help these teams' complete assessments within agreed SLAs.
Who we're looking for?
- IT knowledge - IT Security / Cyber security knowledge
- Fluent English speaking and writing skills - English is the language that we serve the service in.
- Proactive and self-manage nature
- Problem solving skills
- Ability to run a risk assessment, review documentation, interview the vendors to understand their IT set-up and be able to find the gaps in it.
- Ability to explain the complicated IT concepts to senior stakeholders with no IT background using simple language and fluent English.
- Ability to run the own book of work. Plan what to do within the upcoming week/month, complete long and short term tasks on time.
- Understanding of IT systems, understanding of IT security controls and how to implement them, understanding of IT threats and how to protect organization from them.