Develops and administers system and information ownership, as well as information and data classification guidelines, standards and procedures. Develops, establishes and maintains standards, procedures and guidelines to promote the security and uninterrupted operations of computer-based application systems of the Company. Identifies and addresses exposures to accidental or intentional destruction, disclosure, modification, or interruption of information that may cause serious financial and/or information loss to the Company.
DUTIES AND RESPONSIBILITIES:
1. Coordinates the development, communication and implementation of the Information Technology Risk Management (ITRM) program across the Company to ensure compliance with government and BSP regulations as well as industry best practices.
2. Collaborates with the Information Technology Department (ITD), lines of business and functional areas to identify and assess IT risks impacting their business activities.
3. Provides risk identification, assessment and consulting services to lines of business and ITD to ensure that key IT risks are appropriately identified, measured and mitigated. This includes developing IT risk assessments of applications and infrastructure, reviewing new and existing technologies and services, understanding and managing risk appetites and risk profiles, and implementing action plans, including policy and procedural changes, for risk mitigation.
4. Manages the IT risk assessment process across the organization, including external IT risk assessment.
5. Provides appropriate reporting on IT risks to management and the Board through the Risk Management Officer.
6. Provides an independent perspective on the risk levels, mitigation activities and emerging IT risks.
7. Promotes a culture of awareness of IT risks throughout the Company by communicating IT risk requirements and best practices to the employees.
8. Coordinates the training of staff relative to IT risks and controls.
9. Participates in the committee or associated governance/review activities on key business initiatives, ensuring that existing and emerging IT risks for new products, processes and transformational initiatives are identified.
10. Performs other duties that may be assigned from time to time.
QUALIFICATIONS: (MINIMUM EDUCATION, EXPERIENCE, TRAINING)
A Bachelor’s degree in Information Technology, Business (Finance), Engineering Technology, Management, Computer Science or a related discipline.
Advanced degree or IT-related certifications.
Three or more years of relevant experience in Information Technology, IT Security or IT Risk Management in a financial institution.
KNOWLEDGE AND SKILLS
Strong analytical and problem-solving skills; ability to understand the overall IT infrastructure with attention to detail as appropriate.
Strong knowledge of risk management activities and practices, with excellent communication and relationship management skills, a hands-on mentality, the ability to multi-task and a results-driven attitude.