Operational Risk and Advisory IT and Information Security Specialist

Job Description

The position of Operational Risk and Advisory IT and Information Security Specialist is part of the Operational Risk Function, a critical component of the second line of defense. This role is responsible for the comprehensive monitoring of operational risk activities, with a strong focus on new technologies, information security, and cyber risks.

Main Responsibilities

The main tasks include:

• Development, implementation, and execution of risk management activities, particularly with regard to risk assessment and consulting, especially in the areas of new technologies, information security, and cyber risks.
• Collaborating with business units to integrate advanced risk management practices into their operations.
• Conducting ad hoc risk assessments and analyses, particularly with regard to information security and cyber threats, to identify potential issues and propose effective mitigation measures.
• Conducting incident analyses to determine the causes, identify mitigation measures, and ensure that follow-up actions are carried out.
• Providing advisory support to business units, including reviewing the internal control framework with a focus on IT and information security, to support the bank’s sustainable business development.
• Providing expert advice on risk mitigation strategies, particularly with regard to information security and new technologies.
• Preparation of risk assessment reports and presentations for risk management leadership and other relevant stakeholders, with a focus on cyber risks and technological vulnerabilities.
• Actively participate in the implementation of new digital solutions to support the global rollout of the internal control system and ensure that these solutions address information security and cyber risks.

Skills and Experience

The required skills and experience include:

• A bachelor's degree in business administration, economics, natural sciences, information security, or a related field.
• 10 years of professional experience, including consulting or auditing at a leading professional services firm and/or in a comparable position at a market-leading bank.
• A strong understanding of core banking systems, end-to-end transaction processing, and cybersecurity principles.
• Proven ability to write reports and communicate effectively with a senior audience.
• Excellent analytical skills and a structured approach to problem-solving and reporting.
• Excellent communication skills in English, both written and spoken.
• Ability to work independently and as part of a global team in a fast-paced environment.
• Experience with new technologies and a deep understanding of information security and cyber risk management.

Our values

Our values include:

• Responsibility: Taking responsibility for tasks and challenges and striving for continuous improvement.
• Hands-on: Proactive delivery of high-quality results.
• Passion: Commitment and pursuit of excellence.
• Solution-oriented: Focus on customer results