ICT Risk Officer at ICEA Lion Group

Job Summary

• The ICT Risk Officer will be responsible for assessing and enhancing the organization’s cybersecurity and technology risk posture by leading the identification and assessment of enterprise-level technology systems and cybersecurity risks. This includes assessing potential cybersecurity and technology risks associated with critical business systems, processes, identifying potential impacts on those systems, processes, and engaging with diverse stakeholders to develop mitigation plans where necessary. In addition to coordinating risk assessment activities, this role will involve developing reports on assessment results and presenting these results to executives and other stakeholders.

Key responsibilities
Risk Management 

•   Implement and oversee the ICT Risk Management Framework.
•   Identify, assess, and design mitigation controls for risks, monitoring them until closure.
•  Conduct system vulnerability tests according to Group policies and global standards, and provide management with reports on vulnerabilities and protections against malware and hackers.
• Perform system penetration testing throughout various stages of system development to ensure system integrity, availability, and assurance.
•  Collaborate with first-line IT teams and business units to enhance internal control processes related to risks and controls; tech control library required to meet risk framework objectives.
•  Identify, review, and articulate business risks associated with technical vulnerabilities and IT risks, proposing improvements and opportunities to support business objectives.
•   Test and assess the adequacy and effectiveness of control structures, providing practical recommendations to enhance control or process efficiency.
•    Monitor and report on IT risk remediation progress, escalating issues to senior management when necessary.
•    Lead or participate in second-line Information Security and Technology risk management activities, including cyber security risk assessments, SOC reviews, privacy assessments, technology selections, implementations, and data analysis.
•    Keep abreast with current advances in all areas of ICT security.
•  Maintenance of Group ICT risk dashboards; ICT security incidents, compliance status of ICT security policies,  Key Risk Indicators (KRIs)

Stakeholder Management 

•  Collaborate closely with departments such as IT, compliance, and internal audit to ensure a comprehensive approach to risk management.
•  Engage with external partners and vendors to align their practices with the organization's risk management standards.
•   Support the implementation of the Group’s Enterprise Risk Management (ERM) Framework.
• Organize and participate in training and awareness programs for staff on ICT risks and best practices for risk management, promoting a culture of security awareness
• REPORTING
• Prepare and present regular reports on the status of ICT risks and risk management activities to senior management and stakeholders.
•   Continuously monitor and report on new and emerging risks in the ICT landscape.
• Assist the Group Head of Risk and Compliance in preparing Board Update reports on the ICT control environment.
• Assist in preparing responses to technology-related regulatory requests and participate in regulatory and external audit reviews.

Requirements

• 5-7 years of Information Security and/or IT Audit experience with a financial institution, a fin tech company, or a provider to the financial services
• Bachelor’s degree (or higher) in Computer Science, Information Systems or related field required
• Master's degree in Information Systems/Cyber Security preferred
• CISA, CISM, CISSP, CIA, CRISC, CGEIT certifications are highly preferred
• Solid understanding of inherent and residual risk management principles, including experience with control design, operation, and effectiveness testing.
• Experience in a current knowledge of best practice IT controls and industry-standard models (e.g., COBIT5, ITIL, NIST) and proven understanding of regulatory requirements.
• Cloud security experience highly desired
• Expert in security practices, the design of secure systems and the operation of security processes and technology.
• Subject matter expertise in two or more: DevOps, microservices, hybrid cloud, network segmentation, AI/ML

Competencies required for the role

• Ability to work unsupervised, exercise leadership, and influence change.
• Excellent writing and presentation skills.
• Strong change and project management skills, including the ability to manage time well, prioritize effectively, and handle multiple deadlines.
• Ability to use independent judgment and discretion when making majority of decisions.
• Ability to handle confidential and sensitive information with the appropriate discretion and ethics.
• Ability to engage with management.
• Excellent communication and interpersonal skills / team player.
• Ability to prepare and facilitate training as a Subject Matters Expert (SME)
• Good analytical capabilities.