The Information Technology Risk Officer will support Degroof Petercam IT-Risk team and serve as the main point of contact to manage risks and red flag assessments for IT related initiatives and projects. He will manage our technology risk appetite process and provide support for our Enterprise Technology Risk Reporting process. The individual will also assist with risk reporting for the IT Risk Management & Information Security team and define requirements for additional risk reporting and oversight capabilities in line with the Operational Risk Management team.
- Serve as the chief point of contact for our Technology Risk Management & Information Security team.
- Provide support for assessing risks in technology related initiatives with risks and red flags identified during defined intake procedures.
- Assist in the definition of new metrics monitor Key Risk Indicators (KRIs) against Degroof Petercam technology risk appetite.
- Prepare the first line Risk report and track actions to reduce technology risk.
- Assist with the Technology Risk reporting operations, including scheduling key monthly meetings, monitoring key milestones, escalation of past due activities, problem triage and management, and archiving key monthly artifacts for audit purposes.
- Develop on-going technology risk reporting, monitoring key trends and defining metrics to regularly measure control effectiveness for specific area.
- Adhere to internal policies and procedures, technology control standards, and applicable regulatory guidelines.
- Contribute to the review of internal processes and activities and assist in identifying potential opportunities for improvement.
- Adhere to, advise, oversee, monitor and enforce enterprise frameworks and methodologies that relate to technology controls / information security activities.
- Influence behavior to reduce risk and foster a strong technology risk management culture throughout the enterprise.
- Experience in a highly regulated environment, specific experience with financials sectors
- Experience with European regulatory requirements (ECB, EBA, NBB, CSSF, ...)
- Advanced knowledge in industry frameworks and standards (NIST, ITIL, ISO27XXX, Sans CIS20, ...)
- Financial Services industry experience is an asset
- Expert knowledge of IT security and risk disciplines and practices
- Advanced knowledge of organization, technology controls, security and risk issues
- Demonstrated ability to participate in complex, comprehensive or large projects and initiatives
- Ability to serve as a lead expert resource in technology controls and information security for project teams, the business, organization and outside vendors
- have a Bachelor or Master degree with minimum 5 year experience
- Information Security Certification (CRISC, COBIT, CISM, CISSP) or similar knowledge
- Experience with Key Risk Indicators and Technology Risk reporting preferred
- Flexible, detail-oriented and stress resistant
- Able to set clear priorities and meet the deadlines
- Can take a position and defend his opinion