  • IT Risk Management, IT Audit, Vendor Assessment and review
  • Top Finance Group in Europe
  • Global SSC center setup

Third Party Technology Risk Analyst
Client:
World Famous Financial Banking Group

Location:
Nanjing, Jiangsu

BU:
China IT & Operation Hub

Position Purpose

  • In a context of stringent risk control, the bank invests in IT governance and security controls, and the APAC ITO CCCO department is searching for a candidate to reinforce regional IT governance within a challenging context of multiple regulatory bodies (with regulatory guidelines in constant evolution).
  • As part of the ITO CCCO Governance team, and working closely with the IT Security team and the IT Operational Permanent Control team, the candidate will be responsible for on-site reviews and IT risk assessments, IT regulatory compliance and IT security controls optimization.
  • Key drivers are to continuously assess third-party IT risks, develop IT governance and contribute to maintaining an appropriate level of security in compliance with company policy and requirements from regulatory authorities, and in accordance with recommendations from General Inspection, Compliance, Internal Audit and external auditors.

Responsibilities
Direct Responsibilities:

  • On-site review, IT risk assessment and follow-up:
      • Organize and perform on-site security reviews and ensure follow-up of the resulting actions
      • Assess vendors' IT risks
      • Identify risk factors
      • Participate in Technology Risk Management
      • Coordinate and follow up on audit actions
      • Design, implement and execute the security controls plan
      • Perform quality assessment on reviews

Contributing Responsibilities

  • Contribute supporting documentation for the Technology Risk Management (TRM) committee and Outsourcing meetings
  • Review and work with stakeholders on TRM Checklist submission for Outsourcing approvals
  • Review outsourcing proposals from Security, Technology Risk and Continuity perspectives. Escalate major risks to the Head ITO CCCO Office and liaise with the outsourcing engagement owner to discuss possible remediation actions. Share an independent opinion with RISK Department and Outsourcing Committee members.
  • Security operational processes optimization
  • Organization of workshops and communication events related to IT Risk Management

Technical And Behavioral Competencies Required

  • Extended knowledge of IT Security & Risk Management concepts
  • Strong understanding of Information Security risks associated with Cloud Computing and Mobile Application
  • Experience in the IT industry with a strong background in Risk Assessment, security operations, software development, and network & system administration
  • Good understanding of financial trading and operating environment
  • Familiar with Technology Risk & Outsourcing regulatory requirements (e.g. PBOC Guidelines, Outsourcing guidelines by the Regulator)
  • Deep knowledge in:
      • Cloud Computing and Mobile Application
      • Infrastructure and Application Risk Assessment
      • Network protocols and network connectivity concepts - Firewall and Internet technologies
      • Secure access control mechanisms
  • Technical proficiency in:
      • Unix / Linux; Windows NT / 2000 / XP / 7 operating systems; Mainframe
      • Sybase, Oracle, SQL and other relational database systems
      • CyberArk, ArcSight, TippingPoint, McAfee PointSec, Nessus, Rapid7, Qualys

  • Good coordination skills, with know-how in defining an action plan and following up on progress
  • Being organized and meticulous
  • Must demonstrate ethical responsibility, maturity, and discretion.

Skills
Experience and Qualifications required

  • Solid experience in IT assessment and audits, IT outsourcing and vendor reviews
  • Solid experience in IT security
  • Strong knowledge of IT and IT security standards (COBIT, ISO, NIST…)
  • Solid understanding of and experience in the finance industry is a plus (2-3 years' experience in the financial industry)
  • Familiar with process analysis and improvement, drafting of workflows and procedures
  • Good coordination skills
  • Writes clearly and informatively with a high level of sophistication
  • Presents numerical data effectively
  • Good experience of data analysis and presentation (Excel functionalities, charts, graphs)
  • Fluency in English

Other Value-Added Competencies

  • Must be motivated, and able to work independently as well as part of a team
  • Attentive to detail and curious
  • Must have a "risk-oriented" spirit
  • Excellent written and oral communication
  • Listens attentively and seeks clarification
  • Ability to consolidate action plans and report progress status
  • Pragmatic, "can do" attitude and proactive approach, with a strong ability to work on own initiative
  • Capable of adapting to a new environment and working under pressure towards tight deadlines
  • Prior experience working in a consulting environment will be an added advantage

Certifications such as CISA, CISSP, CRISC or ISO 2700x are a plus.