For a prestigious asset management client of ours, we are looking for an IT Risk Manager to join the team in Zurich.
The Chief Information Security Officer (CISO) organisation is responsible for information security and IT risk management for the Asset Management division and has the following key responsibilities:
* Designing and implementing the strategy to ensure consistent security and IT resilience across all entities.
* Promoting security awareness within the firm.
* Monitoring compliance with IT and information security policies and regulations.
* Advising and supporting the business and IT with their technology risk management responsibilities.
Your Area of Responsibility
As a member of the CISO organisation, the IT Risk Manager is responsible for ensuring IT and Information Security risks are identified and managed, supporting the implementation of an effective IT controls framework, and promoting a risk management culture within the firm.
* Support the identification, assessment and reporting of IT, Information Security, and third-party IT provider risks.
* Participate in the coordination and delivery of IT and Information Security risk and control improvement initiatives.
* Monitor and evaluate control effectiveness, facilitate the development of improvement actions and report on assessment outcomes.
* Facilitate the IT service provider risk assessment process, ensuring all key control steps are complete and performing the final risk assessment.
* Review and challenge IT policies and standards to ensure they remain compliant with applicable regulatory requirements.
* Support the production of IT risk reporting metrics, including ensuring action plans are in place for risks outside of appetite.
* Stay abreast of regulatory changes and emerging risks affecting the financial industry.
* Build and maintain strong and positive working relationships and effective means of communication with stakeholders in the business and other control functions.
Your Profile
* Minimum 4 years of experience in an information technology risk role, preferably within a financial institution or a consulting firm.
* Experience in designing and implementing international IT and information security frameworks such as ISO/IEC 27001, NIST, COBIT, or CIS.
* Familiar with the end-to-end third-party risk management process, including supplier due diligence and ongoing risk monitoring processes.
* Familiar with European and Swiss regulations relating to information technology (IT) and outsourcing, including the EU Digital Operational Resilience Act.
* Fluency in English and German (spoken and written).
* Industry standards certifications such as CRISC or CISA.
Seniority level
Mid-Senior level
Employment type
Full-time
Job function
Information Technology and Finance
Industries
Financial Services and Business Consulting and Services