Risk IT & Cyber Sr Analyst
Location: Geneva | Posted 2 days ago | Job requisition ID: Req1389326 | Country: Switzerland
Why apply for this role?
In this high-profile role, you will be responsible for implementing and overseeing the initiatives included in the Risk Management Program according to the Cyber & IT Cyber Risk Model. You will develop IT & Cyber risk methodologies and concepts and carry out all related activities, including coordinating and participating in Operational and Enterprise Risk Management exercises.
The role is also responsible for new and emerging risks arising from Third Parties Management, Business Continuity Planning, and Transformation Management.
You’ll be a key member of the team – helping to update the bank risk appetite, developing risk policies, setting and reviewing risk indicators, and evaluating controls in addition to participating in the development of several digitalization projects.
If you’re someone who’s performed a similar role, this is the perfect opportunity to develop your career.
What you’ll be doing
* Act as an IT/Cyber subject matter expert, providing leadership, guidance, and mentorship to other project managers while maintaining effective and collaborative relationships with all 1LoD and Group key stakeholders.
* Review the compliance of IT/Cyber, Third Parties, Business Continuity, and Transformation Management policies and procedures.
* Implement the IT/cyber oversight program, including scope, maturity capability, and vulnerabilities follow-up.
* Support the Chief Operational Risk and Data Protection Officer to bring together a holistic picture of the technology and communication risk across the bank and provide advisory and guidance on new technologies risks.
* Maintain oversight of Data Management risk across the bank.
* Responsible for Op. risk exercises related to IT & Cyber: events escalation and reporting, RCSA, KRIs, Scenario analysis, related insurances, and mitigation actions. Also complete the necessary CPCs and quality assurances.
* Implement the Business Continuity Management model, coordinating the implementation of the Business Continuity Plan, ensuring deployment, maintenance, and continuous improvement. Includes Resilience Strategies, BIAs, Scenarios, and organizing and developing the annual testing plan.
* Oversight of the Third Parties, reviewing IT, Cyber, and Data Protection questionnaires and monitoring contracts, certifications, and SLAs.
* Support the bank fraud model implementation.
* Actively participate in the different relevant forums (IT&Cyber committee, IT incidents, and Vulnerabilities forums) and be responsible for the IT/Cyber presentations materials.
* Support and monitor the internal and external IT & Cyber audits reviews.
* Propose and follow mitigation actions for IT/Cyber incidents, weak controls, or new threats.
* Maintain up-to-date in-depth industry and technical expertise in the areas of focus, as well as related regulations (EBA ICT and security risk management, ENISA, FINMA, etc).
* Participate in certifying controls for ISAE3402.
What we’re looking for
* Expertise and in-depth understanding of the risks arising from the deployment and use of technology.
* Experience working in, or closely with, IT/Cyber Risk and Strategy.
* Knowledge of key IT Security technologies and architecture (firewalls, Virtual Private Networks, vulnerability/penetration testing, and other security devices).
* Understanding of private banking products.
* Knowledge of European and Swiss banking regulations, especially DORA and FINMA Circular 2023/1 Operational risks and resilience – banks.
Qualifications:
* Bachelor's Degree in Computer Science, System Engineering, Technology discipline, or related field. Master’s degree preferred.
* At least 3 years of experience in related roles (Cyber Security, Internal control, internal or external audit, Op. risk, etc).
* Technology and computer skills, with the ability to effectively use Microsoft Office (Word, Excel, Outlook, PowerPoint).
* Understanding of auditing, accounting, and IT general controls (Computer Operations, Access Controls Systems, Change Management, Database Management, and Operating Systems).
* Languages: English and Spanish required. French will be considered a plus.
Desirable:
* Certified in Risk and Information Systems Control (CRISC).
* Certified Information Systems Security Professional (CISSP).
* Certified Information Security Manager (CISM).
Competences:
* Ability to communicate verbally and in writing in a timely and straightforward manner.
* Ability to work independently with limited supervision.
* Analytical and problem-solving skills as well as the ability to work independently.
* Detail-oriented with organizational skills.
* Time management skills and the ability to complete multiple projects simultaneously and in a timely manner.
* Adapts quickly to change and makes suggestions for increasing the effectiveness of change.
* Appropriately shifts attention and refocuses on new goals as a result of changes in priorities or competing work demands.
The Santander Effect
Our work touches 140 million lives every day. How? By always innovating, sharing our experiences, questioning how we do things, and adapting to new challenges.
As we keep reinventing ourselves for the digital age, you’ll find that with us, even your smallest action will have a massive impact.