Risk & Control Analyst, CyberSecurity Services

WYMAGANIA:

• Bachelor / Honours Degree in Information Technology, Computer Science, Cyber Security or other technology related qualifications or 6+ years of experience in cyber/IT security, technology audit or assurance, which must include some element of experience in a ‘first line’ security or assurance team.
• Fluency in English, both oral and written.

Preferred (but not essential):

• Background in the information and cyber security domain within international financial services organisations.
• Demonstrated ability to support a ‘first line’ function in responding to external/regulatory audits.
• Up to date with key regulation / developments in Information and Cyber Security Management Framework (including Technology Risk Management), Data, Privacy and Automation.
• Professional Qualifications (i.e. CISSP, CCNA and CCNP).
• Risk & control, assurance or audit experience.
• Ability to challenge the status quo.
• Excellent organisation skills with ability to manage multiple deadlines and effectively prioritise workload.
• Strong interpersonal skills to foster positive relationships with internal and external stakeholders.
• Highly effective oral and written communication skills, with an ability to influence and to gain the respect of senior stakeholders and peers.
• Ability to exercise good judgment and objectivity.
• Demonstrates ability to work with limited direction and multi-task without loss of quality.
• Confident and courageous to raise/escalate issues in a pro-active, professional and timely manner.
• Sharp attention to detail and internal quality control.
• Able to effectively present the findings with a clear, concise manner.
• Can do attitude, solution-oriented mindset and self-driven person.
• Ability to identify opportunities for continuous improvements.
• Demonstrate understanding of and commitment to the Group’s core values.

ZAKRES OBOWIĄZKÓW:

• Perform all risk and control activities related to all people, processes, and assets within the CSS SMA function.
• Act as the confidant to the CSS SMA ‘Process Owner(s)’ responsible for developing, prioritizing and implementing controls.
• Provide timely and accurate risk & control MI to the management within risk management systems and repositories.
• Timely response to RFIs (Request For Information) towards supporting LRM and Regulatory Assessments.
• Deliver risk focused, timely and re-performable deep dive reviews.
• Support design and maintenance of internal processes that allow CSS SMA to dynamically monitor risk as well as effectively mitigate identified gaps.
• Maintain CSS SMA controls and corresponding metrics.
• Drive compliance with the Bank’s risk framework and policies.
• Support the delivery of the Conduct Risk Management plan.
• Support Process owners in the execution of their risk management accountabilities.
• Support liaison with Group Internal Audit and any third party or regulatory inspections.
• Adopt an anticipatory approach to risk assessment through stakeholder engagement and monitoring of the external environment.
• Work with other control assurance teams to drive efficiency, effectiveness and reduce duplication.
• Provide robust challenge and escalation to senior management to ensure activities achieve risk reduction.
• Support activities related to control design, assessment, testing processes and drive continuous improvement.
• Provide timely and accurate reporting to appropriate committees.
• Ensure appropriate oversight and facilitate resolution of high impact risk and issues.
• Work with the CSS Service Lines to identify emerging risks and ensure they are appropriately addressed and subjected to formal governance.
• Support continuous improvement of the CSS internal risk profile reporting, issue management processes and supporting tools.