Risk IT & Cyber Sr Analyst
CBP - BSI Geneva
Santander
Our purpose is to help people and businesses prosper. We strive to make all we do Simple, Personal and Fair.
Why apply for this role?
In this high-profile role, you will be responsible for implementing and overseeing the different initiatives included within the Risk Management Program according to the Cyber & IT Cyber Risk Model. The role will develop IT & Cyber risk methodologies and concepts and carry out all related activities, including coordination of and participation in Operational and Enterprise Risk Management exercises.
This role should also be responsible for new emerging risks derived from Third Parties Management, Business continuity planning and Transformation management.
You’ll be a key member of the team – helping to update the bank's risk appetite, developing risk policies, setting and reviewing risk indicators and evaluating controls, in addition to participating in the development of several digitalization projects.
If you’re someone who’s performed a similar role already, this is the perfect opportunity to develop your career.
What you’ll be doing
- Act as an IT/Cyber subject matter expert while providing leadership, guidance, and mentorship to other project managers, with effective and collaborative relationships with all 1LoD and Group key stakeholders.
- Review the compliance of IT/Cyber, Third Parties, Business Continuity and Transformation Management policies and related procedures.
- Implement the IT/Cyber oversight program, including scope, maturity capability and vulnerabilities follow-up.
- Support the Chief Operational Risk and Data Protection Officer in bringing together a holistic picture of the technology and communication risk across the bank, and provide advisory and guidance on the risks of new technologies.
- Maintaining oversight of Data Management risk across the bank.
- Responsible for Op. risk exercises related to IT & Cyber: events escalation and reporting, RCSA, KRIs, Scenario analysis, related insurances and mitigation actions. Also complete the necessary CPCs and quality assurances.
- Implement the Business Continuity Management model, coordinating the implementation of the Business Continuity Plan and ensuring its deployment, maintenance and continuous improvement. This includes Resilience Strategies, BIAs, Scenarios, and organizing and developing the annual testing plan.
- Oversight of the Third Parties, reviewing IT, Cyber and Data Protection questionnaires and monitoring of contracts, certifications and SLAs.
- Support the implementation of the bank fraud model.
- Actively participate in the different relevant forums (IT&Cyber committee, IT incidents and Vulnerabilities forums) and take responsibility for the IT/Cyber presentation materials.
- Support and monitor the internal and external IT & Cyber audit reviews.
- Propose and follow mitigation actions for IT/Cyber incidents, weak controls or new threats.
- Maintaining up-to-date, in-depth industry and technical expertise in the areas of focus, as well as related regulations (EBA ICT and security risk management, ENISA, FINMA, etc.).
- Participating in certifying controls for ISAE3402.
What we’re looking for
- Expertise and in-depth understanding of the risks arising from the deployment and use of technology.
- Experience working in, or closely with, IT/Cyber Risk and Strategy.
- Knowledge of key IT Security technologies and architecture (firewalls, Virtual Private Networks, vulnerability / penetration testing and other security devices).
- Understanding of private banking products.
- Knowledge of European and Swiss banking and regulation, especially DORA and FINMA Circular 2023/1 Operational risks and resilience – banks.
Qualifications:
- Bachelor's degree in Computer Science, System Engineering, a Technology discipline, or related field. Master’s degree preferred.
- At least 3 years of experience in related roles (Cyber Security, Internal control, internal or external audit, Op. risk, etc.).
- Technology and computer skills, with the ability to effectively use Microsoft Office (Word, Excel, Outlook, PowerPoint).
- Understand Auditing, Accounting and IT general controls (Computer Operations, Access Controls Systems, Change Management, Database Management and Operating systems).
- Languages: English and Spanish required. French will be considered a plus.
Desirable:
- Certified in Risk and Information Systems Control (CRISC)
- Certified Information Systems Security Professional (CISSP)
- Certified Information Security Manager (CISM)
Competences:
- Verbal and written communication skills, exercised in a timely and straightforward manner.
- Ability to work independently with limited supervision.
- Analytical and problem-solving skills as well as the ability to work independently.
- Detail oriented with organizational skills.
- Time management skills and the ability to complete multiple projects simultaneously and in a timely manner.
- Adapts quickly to change and makes suggestions for increasing the effectiveness of change.
- Appropriately shifts attention and refocuses on new goals as a result of changes in priorities or competing work demands.
Perks/benefits: Career development, Team events