Job Description
The CIB Egypt is currently recruiting for the role of Technology Risk Officer
Duties and Responsibilities
Your main responsibilities in this role include the following:
Review and maintain Technology Risk Management Policy and all associated policies and procedures related to the six domains of the Technology Risk Management as a governance activity to identify areas of improvement and formulate possible solutions that ensure robustness of Technology Risk Management Framework in compliance with bank standards and regulations.
Actively contribute with relevant departments to identify risk gaps and early warning signals for Technology Risks that could arise from any change in systems, services, processes or procedures.
Actively contribute in defining, maintaining and enriching Technology Risk Managements’ Metrics, Taxonomy and Severity Scale as well as proficiently practice Technology Risk Management techniques, methods and tools that were designed to ensure that all technology risks are adequately captured and managed. Moreover, prepare training materials and carry out communications activities in alignment with relevant stakeholders in order to improve mindset and knowledge.
Aggregate all Technology Risk Management’s information and activities across First and Second Lines of Defense, assist in root cause analysis for risks and maintain a proper and updated Technology Risk Management’s risk log including all residual and potential risks’ investigations and documentations to provide a standardized overview of technology risks.
Execute monitoring activities for technology risks. Design trend analysis for technology risks and incident reporting as well as carryout and maintain Technology Risk management dashboards and KPIs to be directed regularly to relevant Risk or Technology Committees, Senior Management and the Board of Directors in order to drive more informed decisions.
Review and concur on Risk Acceptance Forms (RAF) and Corrective Action Plan (CAP) related to Technology Risk Management in cooperation with IT, Security & Resilience Management, Analytics & Data Management areas prior submitting to NFRCC, to ensure effective response to identified technology risks as well as ensure effective tracking for CAP progress, significant technology Risks’ status.
Assist and support the first line of defense in defining granular list of Technology Risk Management’s KRIs/RAIs and regularly scan KRIs/RAIs for new requirements and consolidate them in a comprehensive view, to provide indication of the risk appetite and tolerance through metric setting (KRI threshold) and to ensure the effective alignment of Technology Risk Management strategy with the approved Risk & Business Strategies.
Perform independent assessment on controls defined and executed by first line of defense provide support in controls’ development to ensure that they are in place and meet defined policies. Define control testing plans and monitoring control testing results to ensure the effectiveness of controls in preventing or detecting Technology Risks.
Assist, support & challenge from technical prospective the risk assessment activities, controls, mitigation plans and quality control activities implemented by first line of defense in Technology Risk and Control Self-Assessments (Technology -RCSAs) to ensure adequacy and robustness of Technology Risk’s IMMMR.
Contribute in reviewing Technology Risk Management’s memorandums submitted to BCOIT & NFRCC committees to highlight potential technology risks and improve more informed decisions.
Job Requirements
Bachelor of Engineering, Computer Science, Information Technology or its equivalent.
For Officer 3 – 5 years in Risk Management, Information Technology or a related discipline.
For Senior Officer 5 – 8 years in Risk Management, Information Technology or a related discipline.
Good knowledge of the Bank’s business environment, technology controls and Risk Management.
Recommended Certifications:
IT Infrastructure Library (ITIL) Foundation.
GIAC Information Security Fundamentals (GISF).
GIAC Critical Controls Certification (GCCC).
Certified Information Systems Security Professional (CISSP).
Excellent command of English & Arabic Languages
Self-motivated with high degree of reliability.
Sound understanding to Information security and Cyber Security practices.
Strong troubleshooting and Analytical skills.
Very good presentation, communication and time management skills.
Ability to work successfully in a cross-functional team environment.
Job Details
Company: Commercial International Bank - CIB
Employment Type: Full-time
Job Location: Smart Village, Egypt
