# IT Risk Analyst

Hays Poland

Kraków, mazowieckie

Ref. no.: 1148692

Your new company
For our Client, a well-known international financial institution located in Kraków, we are looking for a person interested in the role of IT Risk Analyst. The role is available fully remotely.

Your new role
The primary objectives of the role are to:
  • Oversee the end to end health of the control environment
  • Participate in audit (internal and external) and risk related regulatory engagement as the technology controls SME for data related controls
  • Provide risk and controls consultancy, advice and guidance to the team and key Business stakeholders
  • Ensure the appropriate application of policies, control standards and procedures
  • Member of relevant governance forums, Audit and regulatory reviews etc
  • Advocate the desired behavioural changes across the Department to mature the understanding and management of technology risk controls
  • Partner with the CCO and Business teams to create effective design, analysis and remediation of control measures
  • Contribute to the application and critique of the Technology risk and controls framework

CCO Execution
  • Partner with the CCO team to provide risk and controls consultancy, advice and guidance across the Department
  • Operating as a Subject Matter Expert Role for the Risk Management Framework
  • Work with Technology to support internal and external Audit and risk related regulatory engagement

Control Expertise
  • Influencing, explaining and managing effective design, analysis and remediation of control measures
  • Work with Technology to create an effective design and efficient operation of controls
  • Accountable for the deployment of the Operational Risk Management Framework
  • Responsible for identifying emerging risks and threats and deficiencies with deployed key controls
  • Opine on control environment, form risk assessments, provide advice on remediation plans

Governance
  • Implement robust governance in relation to risks and ensuring all stakeholders have visibility of key risks and remediation activity
  • Ensure Technology remains within its risk appetite
  • Work with Technology to design and deploy key controls, key control indicators, evidence requirements and tools to ensure control effectiveness
  • Validate control measures include RCA, KRIs, KCIs, control operation, test approaches, reviews, audits, judgment based attestations, supplier audits, sampling of supplier procedures

Risk Culture
  • Engage key stakeholders to promote positive behaviour and actively manage risk
  • Work closely with Technology to develop and monitor risk remediation program activities and actions to ensure delivery within acceptable timelines
  • Focusing on Technology top risks and threats, including new/emerging top risks, to ensure they are fully understood and that controls that mitigate these risks (key controls) are effective, efficient and where possible automated, rather than being comprehensive
  • Responsible for embedding risk and control management framework

Leadership & Teamwork
  • Role model a positive internal risk and control culture across Technology teams and shape the climate, tone and environment in which people work
  • Make considered decisions that protect and enhance values, reputation and business
  • Oversee the execution and remediation of thematic reviews / investigations / compliance reviews in response to internal or external events within Technology

Operational Risk Management
  • Consistently display positive leadership behaviours related to the management and mitigation of risk, including notification and escalation of any concerns and ensuring timely action in relation to points raised by audit, 2LoD and external regulators
  • Continually support Organisation's approach to conduct, which is designed to ensure we deliver fair outcomes for our customers and do not disrupt the orderly and transparent operation of financial markets
  • Maintain awareness of operational risk and minimise the likelihood of it occurring, including its identification, assessment, mitigation and control, loss identification and reporting in accordance with section B.1.2 of the Group Operations Functional Instruction Manual - FIM
  • Ensures that internal control standards are met, including timely implementation of audit actions together with any issues raised by external regulators
  • The jobholder will adopt the Group Compliance Policy by escalating any identified compliance risk in liaison with the Global Compliance Officer, Area Compliance Officer or Local Compliance Officer. The term ‘compliance’ embraces all relevant financial services laws, rules and codes with which the business has to comply
  • This will be achieved by adhering to all relevant processes/procedures and by liaising with the Compliance department about new business initiatives at the earliest opportunity. Also, when applicable, by ensuring adequate resources are in place and training is provided, fostering a compliance culture and optimising relations with regulators

What you'll need to succeed
  • Demonstrate a high degree of knowledge across the following frameworks and methodologies covering Agile, DevOps, Business Transformation Framework, Project Management and System Design
  • Advise on new projects and products identifying key potential Risks and make recommendations to address them
  • Understanding of Critical Business Services and Infrastructure consumed by the Global Businesses and Functions and how Operational Risk is being managed for these services.
  • Ability to drill down to root cause and write/review clearly articulated risk documentation
  • Able to analyze complex situations, influence strategies with practical, effective solutions

Knowledge & Experience
  • Strong knowledge of Operational Risk and / or Audit
  • Relevant experience preferably within a risk management related role
  • Relevant working experience in Financial Services industry
  • Knowledge of Operational Risk modelling
  • Open personality with effective communication skills
  • Lead and coordinate with colleagues and key stakeholders in an international team
  • Complete presentations, training and lead workshops
  • Planning and project management skills
  • Ability to work independently with limited supervision
  • Communication - Ability to present complex issues confidently and concisely to Technology and HOST Senior Executives and other key stakeholders using non-technical easily understood language
  • Make considered decisions that protect and enhance values, reputation and business
  • Degree in information security, computer science or computer engineering qualifications desirable
  • Certifications CISA, CISM, CISSP, CRISC, COBIT or ITIL desirable

What you'll get in return
  • Be part of a dynamic IT environment,
  • Parking a few minutes away from the office,
  • Relax room (with massage chairs and area for yoga/stretch)
  • On-site medical consultations in the office,
  • Childcare policy,
  • Bicycle racks in the underground garage and around the office; showers dedicated to cyclists,
  • Game room (with Xbox, PS consoles and foosball table),
  • Private health care (different options – from basic to VIP), employees’ benefits: private life insurance, multisport,
  • Work with and learn from teams with mature processes and tools to ensure best-in-class deliverables,
  • Casual dress code.

What you need to do now
If you're interested in this role, click 'apply now' to forward an up-to-date copy of your CV, or call us now.
Please apply using the button on the right-hand side of the advertisement.