• Identify, monitor, and analyze operational risks arising from the execution of technology operations including but not limited to cybersecurity, cloud security, patch management, data protection/privacy, identity access management, etc. and develop evidence-based challenges focused on improving such operations
• Monitor the control inventory for sufficiency and completeness and challenge the absence of controls and implementation of controls within engineering standards
• Propose qualitative and quantitative operational risk appetite/tolerance and monitor risk taking trends through bespoke metrics at firmwide and divisional/sub-divisional levels, escalating concerns to senior management when warranted
• Conduct scenario analysis by working with stakeholders to develop plausible tail risk scenarios used in quantifying specific businesses exposure to potential risk
• Facilitate operational risk event and data collection; perform detailed reviews of trends to identify significant risks and ensure monitoring and remediation
• Review New Activities and ensure operational risks arising from acquisitions, new products and/or business, and migrations, etc. are properly considered
• Contribute to divisional and functional risk profile assessments by highlighting risk issues and trends to senior divisional managers and senior Operational Risk management team
• Conduct quarterly triggered assessments for the division to ensure the divisions risk and control self-assessment outcome are consistent, credible, and underpinned by appropriate evidence
• Remain current on business drivers, regulatory and industry changes impacting the firms information and cybersecurity activities and obligations
• Contribute to the advancement of operational risk methods and practices and the operational risk management framework
• Identify and drive initiatives that improve the risk management activities at the firm
• This role requires an energetic self-starter that can liaise with Engineering teams both regionally and globally. Experience and knowledge in a regulated enterprise network, preferably financial institution’s technology infrastructure/applications and control requirements are required together with strong interpersonal and analytical skills for this role.

Required Qualifications:

• Strong business acumen with general awareness of technology related processes, risks and business flows
• 8+ years of relevant experience, which could include working in operational risk; in a financial institution’s technology division; a technology company that builds or maintains enterprise systems, like cloud services; offensive or defensive cybersecurity; or IT or Information Security/Cybersecurity auditors.
• Strong verbal and written communication skills with the ability to present with impact and influence
• Experience with frameworks like NIST (Cybersecurity Framework, 800-53), COBIT, Cloud Security Alliance Cloud Controls Matrix, and/or ISO 27001
• Ability to work in a fast-paced environment with a strong delivery focus
• Strong organizational skills (project management experience a plus)
• Ability to work in a team environment and knowledge share with other colleagues within team
• Proficiency in World, Excel, PowerPoint, SharePoint/OneDrive – SQL, graph databases and Tableau (would be a plus)
• Familiarity with enterprise risk management best-practices and controls
• Possess a Bachelor's Degree in Computer Science, Cybersecurity, Business and Technology Management, Finance, Data Science, or related disciplines

Preferred Qualifications:

• Technology skills including substantive subject matter expertise in several areas, including:
• Deep understanding of Linux and Windows operating systems
• Internet infrastructure design and installation and support of network devices and firewalls
• Cloud computing concepts, technologies, risks and mitigating controls
• Systems and security administration and configuration of servers and desktops (UNIX, Windows, directory services etc.)
• Security risks related to web, mobile, web services, and client/server architectures
• Encryption schemes (symmetric, asymmetric, and hashing) and how they may be applied in an application architecture
• Vulnerability assessment and penetration testing methodologies and processes for web, thick client and mobile applications
• Experience with Splunk and/or other SIEM platforms would be useful but not required
• Threat modelling, intelligence and incident response
• Management, monitoring and operations of technology (backups, change management, system monitoring, incident/problem Management)
• Business continuity planning and disaster recovery design and implementation
• Security within the software development lifecycle

NA