IT Risk Manager
Great place to work!
About our client
MUFG Bank Europe (MBE)
Tasks and responsibilities
Overall Purpose of Job: The job of IT Risk Manager is a critical and influential one, especially in an environment such as MBE, which relies on a combination of self-managed and external IT services and multiple core systems and infrastructure, which are serviced by the parent company. The primary purpose is to ensure that relevant IT risks and associated risks are consistently identified, assessed and managed across the organization and in compliance with both internal and external (regulatory) rules, policies and guidelines. The IRM provides expertise on all aspects of the Bank's overall Information Technology Risk Management framework which may be extended with Data Risk, Cyber Security Risk, Project Risk and Vendor and Outsourcing Risk.
IT Risk within the Bank is defined as the risk of loss and related risk, arising from destruction, suspension, malfunction, misuse of IT, or unauthorized alteration and leakage of electronic data, which are caused by inability of system planning, development and operation, threats and vulnerabilities to IT security including cybersecurity, or external factors, such as disasters.
This second line of defense function forms part of the Operational Risk Management which is responsible for:
- Identification, measurement, assessment and mitigation of risks.
- Support and advice in design and deployment of the overall risk management framework, including risk strategy, policies, appetite and tolerance.
- Risk monitoring, control and reporting.
- Challenge and escalation of risk and/or control issues to Management.
The IRM is part of the ORM IT Risk Management team (3) which covers IT Risk, Data Risk, IT and Cyber Security Risk, Project Risk and Vendor and Outsourcing Risk Management. Team cooperation, collaboration and responsibility are key for further establishment, development and improvement of the risk management area for which the agile practices are being embraced.
The Vice President IT Risk has a direct reporting line to the Head of Operational Risk Management.
- Provide expert advice and guidance to the business units to ensure identification, measurement, assessment and consistent management of all IT risks.
- Maintain IT Risk Library (Events, Scenarios and Control objectives) which is being designed based on COBIT/FFIEC*.
- Monitor adherence to MUFG's framework of rules and policies as well as local laws and regulations and ensure embedding of risk management principles and practices in the Bank's daily business operations.
- Perform KRI Monitoring, System Risk Assessments and Scenario-based Risk Assessments.
- Escalation of (potential) risk events and regulatory breaches in accordance with the Bank's risk governance framework.
- Cooperation with Compliance regarding country-specific legal and regulatory requirements relating to IT Risk Management.
- Contribute to increased risk awareness in the organisation by providing appropriate training.
- Preparation of IT Risk Management Information reports comprising the Bank's risk exposures and control performance.
- Documentation of relevant policies and procedures.
- Lead or participation in required projects or initiatives in facilitating the identification and evaluation of risks and controls, providing expertise and recommending proportional cost effective and efficient solutions.
- Contribute to Data Risk-, IT and Cyber Security Risk-, Project Risk- and Vendor and Outsourcing Risk Management of the IT Risk team's workload, depending on expertise, experience and ambition of the candidate.
- Be critical and promote changes to systems, processes and working practices in order to achieve operational improvement.
- Proactively develop and maintain relationships with a wide range of key contacts in all areas of MUFG.
The function requires:
- Wide practical experience across IT Risk and Quality Management, performing and organising IT Risk assessments, IT Controls (ITGCs, SOX control testing), IT Risk frameworks (COBIT/FFIEC).
- Experience in Data Risk, IT and Cyber Security Risk, Project Risk and/or Vendor and Outsourcing Risk Management.
Functional/Technical Skills and Knowledge requirements:
- The Vice President IT Risk should have a Master's degree and 5-10 years' experience in the field of IT Risk Management and associated risks (Data Risk, IT and Cyber Security Risk, Project Risk and/or Vendor and Outsourcing Risk Management).
- Knowledge of key relevant legal, regulatory and statutory requirements, technical interpretation and the ability to provide advice thereon.
- Comprehensive understanding of MUFG's overall strategy and goals, risk profile, policies and culture together with a detailed knowledge of the policies, operations, systems and key strategies in own business unit.
- The ability to formulate plans and strategy taking into account the wider business unit strategies and requirements. Takes full account of all related risks and controls and their impact.
- An up-to-date understanding of the wider financial services industry, IT industry, regulatory changes (e.g. ECB, EBA, DNB) and pertinent economic and political factors which may impact on MUFG's business and overall aims.
- A sound appreciation of the appropriate legal and technical procedural factors pertaining to banking/financial services and how these may impact on the business/customer relationships. Maintains close contact with external organisations / professionals for exchange of information, developments and the sharing of best practice.
- Certificates: COBIT5, CRISC, CISM.
- Experience with Agile/SCRUM/DevOps/Lean.
- Can do, flexible attitude.
- Influencing skills.
- Excellent verbal and written communication skills in Dutch and English are essential. Strong business acumen, communication skills, networking and influencing skills. Complex problem solving skills. Broad understanding and feel of the applicable regulatory requirements.
The High Performance Capability Framework outlines the behavioral requirements for your corporate title. All 10 competencies are applicable:
- Integrity and Responsibility
- Balance Risk with Opportunity
- Customer Focus
- Demonstrate Global Perspective
- Professionalism and Teamwork
- Drive For Results
- Collaborate and Build Partnerships
- Communicate Effectively and Professionally
- Challenge Ourselves To Grow
- Influence and Inspire Others
- Lead Change & Seek Continuous Improvement
- Think Strategically
- Manage and Develop Talent
Good remuneration package and good secondary benefits, and working in an international environment with lots of challenges and interesting stakeholders.