Conduct Information System risk assessments for new and existing systems, applications and programs to ensure compliance with the bank’s security policies and regulatory requirements.
Identify weaknesses or security exposures and prescribe solutions to mitigate the risks related to those weaknesses and exposures.
Perform periodic and surprise systems security assessments.
Identify and evaluate business technology risks, the internal controls that mitigate them, and related opportunities for internal control improvement, and propose risk treatment plans.
Guide the general activities and concerns of the Bank’s IT function.
Liaise and coordinate with respective Operational Risk Champions to review IT risk and control self-assessments.
Develop and monitor IT key risk indicators.
Monitor and track IT risk events and follow up on associated action plans to closure.
Analyze audit findings and assist in implementing audit recommendations.
Maintain an up-to-date understanding of emerging trends in information security risks; apply new techniques and trends in line with overall information security objectives and risk tolerance.
Develop, document, maintain and support the information security risk management program in line with information security policy, practices and leading industry standards.
Assist with assessment of vendors and business contracts for evaluation and tracking of risk changes.
Support in the development of policies/standards/guidelines/best practices.
  • Banking