The ICT&Security function develops and manages the software applications, the Bank’s technological infrastructure and related ICT Security aspects.
It boosts the rationalization of all processes supporting business lines, through the collection of needs related to IT services and the promotion of technological opportunities offered by the evolution of the information system.
Assess IT&Security corporate-wide compliance with internal policies / standards and regulation requirements and identify actions to remediate non-compliance
Ensure that internal practices satisfy the requirements of regulatory frameworks such as GDPR,285,262, as well as all applicable local laws and regulations : collaborate with teams across the company to promote and implement adequate practices and controls ensuring compliance with policies / plans / standards
Ensure that Fineco is properly evaluating ICT&security risks by assessing the potential impact of threats to the business and Fineco's vulnerability to these threats and recommending controls to reduce risks to levels aligned with the organization's risk tolerances and appetite
Work collaboratively with 2nd / 3rd level control departments as Risk Management, Compliance, Audit to ensure that local practices are consistent with corporate approach and standards
Monitor the legal and regulatory landscape to proactively address new ict and / or information security related requirements : identify compliance objectives and map program deliverables to the requirements (i.
e. define controls that can be used to meet those requirements and update / maintain internal controls framework)
Update, implement and maintain the internal program to collect and report ICTand information security related performance metrics and key risk indicators.
Build out and maintain current GRC tools and processes within ict&information security to provide visibility and transparency
Collect information for generating and communicating both technical-detailed and high level reports, on a regular basis and as requested
What we expect from you
Ability to read, write and speak English (B2 or better)
Ability to work with cross-organizational and cross-functional teams
Bachelor’s degree in computer science / engineering or equivalent
Good problem solving skills and attention to details
At least 5 years of previous experience in ICT Risk or ICT&Security Governance role
Previous experience in coordinating governance topics in a parent company
CISA, ITIL, CGEIT and other certifications in IT Governance topic are a plus
Experience defining, revising, and implementing corporate information security policies
Experience coordinating initiatives for obtaining security related assurances (e.g., ISO 27001, COBIT, ITIL etc.) including control design and testing.
Experience creating, implementing, maintaining, monitoring and enforcing IT&Security policies, procedures, programs, and processes
Familiarity with legal regulatory requirements related to information security and IT (Bankit 285, BCE, L.231, GDPR, PSD2, ..)
Familiar with risk management and risk assessment concepts and methodologies
Share : TwitterLinkedinEmail