The Risk Officer performs risk and internal control-related procedures of the Operating Entity. Given the critical role of the Operating Entities and the related risks, the Risk Officer is 100% dedicated to risk (full-time).
Interpersonal and communication skills are required to effectively translate complex IT, risk and general security issues and solutions into terms that can be presented and understood by both technical and non-technical audiences. In this highly collaborative role, you’ll have an ideal platform for building your network and advancing your career, while helping to create a safer environment for the organization.
- Provide support and guidance to the business on governance issues (including risk and regulatory requirements).
- Maintain effective working relationships within the department and with Business representatives as appropriate.
- Provide support in ensuring all audit-related activities (internal, external and third party) are managed efficiently and effectively.
- Review documented IT processes and drive their continual improvement from a risk and compliance perspective.
- Life-cycle: proactive and timely execution of the risk management lifecycles (Integrated Risk and Control System / Non-Financial Risk Management, IT-Risk Management/Asset Risk Assessments, Third-Party Risk Management, System of Governance) and drive for full compliance with Technology Risk, Integrated Risk and Control System and Outsourcing Policy
- Assist in regular reviews of IT Risk assessments with the risk owners
- Manage periodic reporting requirements related to Risk activities to the direct report and to relevant Stakeholders
- Ensure successful accomplishment of the annual focus topics
- Support the timely delivery and high quality of the Control Assurance Report and other related audit reports by emphasizing the comprehensive coverage, quality and effectiveness of the internal control system
- Manage the preparation and running of the local risk committee
- Support colleagues across the organization to improve understanding and embed a proactive risk culture through regular awareness sessions and continuous collaboration
- Maintain the interfaces with other safeguarding functions (Information Security, Data Protection, Compliance, Protection & Resilience, Internal Audit)
- Co-ordinate risk assessments, control testing, development of mitigation plans and their follow-up
- Support Business Owners and the TPRM team in the identification and classification of outsourcing contracts and in fulfilling outsourcing requirements according to the Policies and Standards (e.g. Outsourcing Due Diligence, Exit Plans).
- Support the business owners in preparing and reviewing approval of Global Project Portfolio applications or other project and program risk assessments, including their follow-up on mitigation actions
- Multi-year professional experience, in different areas of IT risk management or other safeguarding functions.
- Good understanding of the risk categories: operational risk, IT risk, project risk, third party risk, business risk.
- Good knowledge of local service landscape and supplier relationships.
- Basic knowledge of local regulatory environment and standards like: COBIT 2019, COSO, ISO27xxx, ISAE/SOC.
- Strong communication and conflict management skills.
- Advanced skills in MS Office, knowledge of ServiceNow.
- Understanding of the requirements of the Solvency II regime.
- Strong stakeholder management and influencing skills
- Educated to degree level or equivalent
- Risk related certifications (e.g. CRISC) preferred but not mandatory