Job offer
ICT Risk Management Officer
The ICT Risk Management Officer is expected to identify, analyze and mitigate risks in the information and communication technology systems to ensure the security and integrity of the systems, particularly in light of the new Digital Operational Resilience Act (DORA) regulation. The ideal candidate will have a strong foundation in ICT risk management and excellent analytical skills.
Job Overview
We are looking for a highly skilled ICT Risk Management Officer to join our Information Security team. This key role involves identifying, analyzing and mitigating risks associated with our Information and Communications Technology (ICT) systems, with a particular focus on supporting compliance with the new Digital Operational Resilience Act (DORA) regulation.
Key Responsibilities
- Risk Identification and Assessment: Conduct thorough assessments of ICT risks, including emerging threats, vulnerabilities and potential impact on banking operations. Assist in the identification, assessment and treatment of IT, information security, third party and data related risks.
- Risk mitigation: Develop and implement strategies to mitigate identified risks to ensure that ICT systems are secure and resilient.
- Policy Development: Create and maintain ICT risk management policies, procedures and frameworks in line with DORA regulatory requirements and industry best practice.
- Monitoring and reporting: Continuously monitor the ICT risk environment and provide regular reports to senior management, highlighting key risks and mitigating actions. Prepare risk management reports for the relevant Group governance bodies. Ensure action plans are in place for risks outside the Bank's risk tolerance.
- Stakeholder Collaboration: Build and maintain strong and positive working relationships with first and second line stakeholders, ensuring effective communication and collaboration. Participate in the coordination and delivery of IT and information security risk and control improvement activities and report on the results.
- Regulatory compliance: Ensure compliance with DORA and other relevant regulatory requirements, standards and guidelines relating to ICT risk management. Stay informed about emerging risks affecting the financial sector.
- Training and awareness: Conduct training sessions and workshops to raise awareness of ICT risks and promote best practices throughout the organization. Educate and raise awareness within the bank of best practices in risk management.
- Incident management: Lead the response to ICT-related incidents, ensuring timely resolution and post-incident analysis to prevent recurrence.
Skills and Experience Required
- Educational background: Bachelor's degree in information technology, computer science, risk management or a related field. A Master's degree or professional certifications (e.g. CISSP, CISM, CRISC, CISA) are preferred.
- Experience: At least 4 years' experience in an information technology risk role, preferably within a financial institution or consulting firm.
- Technical expertise: Strong understanding of ICT systems, cyber security, risk assessment methodologies and mitigation strategies. Experience in designing and implementing international IT and information security frameworks such as ISO, NIST, COBIT.
- Analytical Skills: Excellent analytical and problem solving skills, with the ability to identify and assess complex risks.
- Communication Skills: Strong verbal and written communication skills, with the ability to effectively convey technical information to non-technical stakeholders.
- Project Management: Proven experience in managing risk-related projects and initiatives, with the ability to prioritize tasks and meet deadlines.
- Regulatory know-how: Familiarity with European and Swiss regulations relating to information technology (IT) and information security, including the EU Digital Operational Resilience Act (DORA).
- Language skills: Fluent in English.
- Personal qualities: Self-motivated, organized, able to work under pressure and manage priorities in a fast-paced environment.
Job details