This role is responsible for conducting end-to-end risk assessments related to Technology Risk, Information Risk, and Cyber Risk, supporting the Bank's continuous improvement and ensuring risks are well managed and mitigated.
Senior Level (AVP SAVP)
Requirements:
- Bachelor's degree in Information Technology, Cybersecurity, or related fields
- Experience in IT application development, IT audit, security testing, and analytics
- Strong knowledge of DevSecOps, SDLC, penetration testing, and data analysis/reporting tools (Excel, Power BI, SQL)
- Programming experience in Python and/or Java
- Knowledge of virtual machines, cloud environments, and open-source technologies
- Experience using open-source security tools
- Experience in data/log correlation and reporting (SQL, Power BI, QlikView, R, Excel formulas)
- Background as Business Analyst or Application Developer is a plus
- Proven experience leading and managing a team
- Strong planning, execution, and task tracking skills
- Strong problem-solving mindset with practical and secure solutions
- Good communication and stakeholder management skills
Responsibilities:
- Conduct thematic and end-to-end application security assessments
- Identify potential vulnerabilities and technology risks in Bank systems
- Propose risk mitigation strategies and improvement plans
- Collaborate with Business and Technology teams across the Bank
- Track and monitor findings and remediation progress
- Develop themes and trends for ongoing risk assessments
- Prepare management reports and dashboards (risk metrics & trends)
- Investigate incidents and perform root cause analysis
- Develop and manage thematic assessment plans
- Supervise and validate control testing activities
- Identify emerging threats and external incidents and translate them into lessons learned
Junior Level (Senior Manager)
Requirements:
- Bachelor's degree in Information Technology, Cybersecurity, or related fields
- Experience in IT application development, IT audit, security testing, and analytics
- Knowledge of DevSecOps, SDLC, penetration testing, and reporting tools (Excel, Power BI, SQL)
- Programming experience in Python and/or Java
- Knowledge of virtual machines, cloud environments, and open-source technologies
- Familiar with open-source security tools
- Experience compiling data/logs for reporting (SQL, Power BI, QlikView, R, Excel formulas)
- Experience as Business Analyst or Application Developer is a plus
- Good communication skills
Responsibilities:
- Conduct thematic and end-to-end application risk assessments
- Identify security vulnerabilities and technology risks
- Propose improvement points and risk mitigation actions
- Collaborate with Business and Technology teams
- Track and monitor findings and action plans
- Prepare management reports and visualized risk trends
- Investigate incidents and perform root cause analysis
- Conduct control testing and validation based on KRI, RCSA, and action plans
